How to enable letsencrypt tomcat9

ederjdi · June 30, 2022, 5:14pm

Good afternoon dear colleagues, I have a doubt and I would like your help, I am using an unbuntu linux with tomcat9 I managed to generate the letsencrypt keys (chain.pem, fullchain.pem, privkey.key and cert.pem) and they are inside the /etc/letsencrypt folder

my question is how to activate it in tomcat9.

in the server.xml file I have the following configuration:

<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="/etc/certs/privkey.key" certificateFile="/etc/certs/cert.pem" certificateChainFile="/etc/certs/chain.pem" type="RSA">
        </SSLHostConfig>
    </Connector>

the browser gives an error saying it has no certificate, all ports 80 and 443 are released and I tested with another certificate and it worked. Something I'm wrong in the configuration of tomcat9 with letsencrypt can anyone help me

Thank you very much

rg305 · June 30, 2022, 5:22pm

That is not the normal install path for LE certificates.
Are the cert files there?

ederjdi · June 30, 2022, 5:51pm

I copied the files to this folder

rg305 · June 30, 2022, 9:19pm

Here is an example of something that worked for me recently.
[You will have to create a PFX file from the PEM files though]

<Connector
                port="443"
                protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="200"
                SSLEnabled="true"
                scheme="https"
                secure="true"
                keystoreType="PKCS12"
                keystoreFile="Path To PFX"
                keystorePass="Your Password"
                clientAuth="false"
                sslEnabledProtocols="TLSv1.2"
                ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
                TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
                TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
                TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"
/>

Topic		Replies	Views
SSL for Tomcat8 (Resolved) Help	4	7373	April 9, 2018
Using let's encrypt with tomcat Server	10	39798	September 30, 2017
Minimal, manual, config with Tomcat 9? Help	20	2377	April 24, 2023
Configuring Let’s Encrypt with Tomcat 8 on Debian 9 Server	2	2473	May 27, 2018
LetsEncrypt SSL Issue with Tomcat 9.0.4 Help	3	940	April 2, 2022

How to enable letsencrypt tomcat9

Related topics