Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: aufloeser.bayern (domain of my customer) It has already a certificate from this project. The owner want's to switch the webserver to me, so I will need to install a new certificate on my server for his domain. Currently the DNS isn't uopdated so the domain still points to the old server. But i want to avoid interuption of the SSL protocol when I will switch the domain to the new server.
Also I would like to request more certificates for different domains of my customers. I don't want to charge my customers for the SSL certificates, but I#m willing to pay or make a donation for this project if I can use it to make my certificate requests trough it.
I ran this command:
It produced this output:
My web server is (include version): Tomcat 9.0.43
The operating system my web server runs on is (include version): Windows Server 2019 Standard edition
My hosting provider, if applicable, is: 1&1
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
As for your first question: you require proof of ownership of the domain name through one of the challenges. It's possible to delegate such challenges using for example a HTTP Location header ("HTTP redirect") in case of the http-01 challenge or by using a CNAME resource record for the dns-01 challenge. So your customer could implement one of those redirects pointing them to your server so you can get a certificate.
Well, it is not realy a big issue to install a certificate on Tomcat. I already did it and it works very well.
Special combinations have an advantage: Hackers concentrate on the most widely spread combinations. It's not worth for them to create hacks for such special combinations. They would not have the same impact as creating hacks for widely spread OS and Webserver. I see in the log files that a lot of attacks expect a Unix system behind the server
I have a certificate installed on this domain: www.pret-immo.lu
The current certificate works well but will expire in some month. I will try to install the LetsEncrypt certificates on my infratsructure. Maybe the combination of Windows + Tomcat is too specific but these two topics may be interesting each for itself. I may keep you informed about the different steps on this thread.