My domain is: dancingcloudservices.net
I ran this command: sudo certbot certonly --standalone
It produced this output: four files (and a lot more): cert.pem, chain.pem, fullchain.pem, privkey.pem (all under /etc/letsencrypt/live/dancingcloudservices.net)
My web server is (include version): Tomcat 9
The operating system my web server runs on is (include version): Ubuntu 22.04.1 LTS
My hosting provider, if applicable, is: (not sure if this is applicable, I'm effectively self-hosted, just the underlying machine is "hosted") AWS
I can login to a root shell on my machine: Yes
I'm using a control panel to manage my site: No
The version of my client is: certbot 1.21.0
EDIT: I have a feeling I might have a permission problem (which would, of course, make it a 100% tomcat problem, less appropriate to have asked here). I'm going to see if I can make any progress on this line of reasoning (Of course, I still very much welcome any suggestions anyone might have).
EDIT 2: I found an entry in the catalina.out log file:
java.io.FileNotFoundException: Configured file [/etc/letsencrypt/archive/dancingcloudservices.net/cert1.pem] does not exist
However, that's not actually true (Notes: I went with the archive file in case the soft link was causing confusion and I also set the ownership to "tomcat" after first noticing this complaint and realizing that the owner was root). ls -l ... produces:
-rw-r--r-- 1 tomcat tomcat 1866 Mar 24 21:23 /etc/letsencrypt/archive/dancingcloudservices.net/cert1.pem
EDIT 3: The installation of tomcat is provided by AWS, and I'm very unclear about its provenance. In particular, I think I might be missing the "Apache Portable Runtime" which seems like it's needed in order to use the connector that permits direct use of openssl and thereby these standard format key/certificate files.
I will build tomcat from source, build the APR, and see where that goes. Might take a while though...
Original follows:
I'm trying to get a trivial tomcat application to run under https. It works under http, and I configured it successfully to run on port 80 (i.e. I'm pretty certain I have edited the right config file--there are two, and one is not used). Unfortunately, I'm getting complaints from my browser to the effect of:
dancingcloudservices.net sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
I admit I'm very new at this (this is a learning exercise at this stage) so I might easily have overlooked the obvious.
I ran:
sudo certbot certonly --standalone
which populated a bunch of stuff under /etc/letsencrypt...
And I configured tomcat's server.xml file with changes in these two blocks (this is the current version):
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
and:
    <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="50" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate
                certificateKeyFile="/etc/letsencrypt/live/dancingcloudservices.net/chain.pem"
                certificateFile="/etc/letsencrypt/live/dancingcloudservices.net/cert.pem"
                certificateChainFile="/etc/letsencrypt/live/dancingcloudservices.net/chain.pem"
                type="RSA" />
        </SSLHostConfig>
    </Connector>
Can anyone suggest where I should start with investigating/fixing this?
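As an added example (not code from the original post, nor from Tomcat or certbot), this stdlib-only Python linter reads a server.xml and, for each <Certificate> attribute, checks that the named PEM file exists, that a given uid/gid can reach and read it (execute bit on every ancestor directory included, since a tomcat-owned file is still unreachable under a non-traversable parent), and that the file holds the kind of PEM block the attribute expects. The demo builds dummy PEM files in a temp directory and reproduces the post's configuration, where certificateKeyFile points at chain.pem rather than a private key; lint() can be pointed at a real server.xml with tomcat's uid/gid to check a live install.

```python
# Added example, not code from the original post: lint a Tomcat 9 server.xml's
# <Certificate> entries against the PEM files they name (dummy files built in a temp dir).
import os, re, tempfile, xml.etree.ElementTree as ET
from pathlib import Path

EXPECTED = {  # PEM block label each SSLHostConfig/Certificate attribute should point at
    "certificateKeyFile": "PRIVATE KEY", "certificateFile": "CERTIFICATE", "certificateChainFile": "CERTIFICATE"}

def readable_by(path, uid, gid):
    """r-bit on the file plus x-bit on every ancestor dir, for the path as written and its symlink target."""
    if uid == 0:  # root bypasses mode-bit checks
        return True
    def allowed(p, own, grp, oth):
        st = os.stat(p)
        bit = own if st.st_uid == uid else grp if st.st_gid == gid else oth
        return (st.st_mode & bit) != 0
    # certbot's live/ entries are symlinks into archive/, so both chains of parents must be traversable
    dirs = {a for p in (os.path.abspath(path), os.path.realpath(path)) for a in Path(p).parents}
    return all(allowed(a, 0o100, 0o010, 0o001) for a in dirs) and allowed(path, 0o400, 0o040, 0o004)

def lint(server_xml, uid, gid):
    """Return findings as strings; an empty list means every Certificate entry is consistent."""
    findings = []
    for cert in ET.parse(server_xml).getroot().iter("Certificate"):
        for attr, wanted in EXPECTED.items():
            path = cert.get(attr)
            if path is None:
                continue
            if not os.path.isfile(path):
                findings.append(f"{attr}: {path} does not exist")
            elif not readable_by(path, uid, gid):
                findings.append(f"{attr}: {path} is not readable by uid {uid} (check directory modes too)")
            else:
                labels = re.findall(r"^-----BEGIN ([A-Z ]+)-----$", Path(path).read_text(), re.M)
                if not any(wanted in lab for lab in labels):
                    findings.append(f"{attr}: {path} holds {labels}, expected {wanted}")
    return findings

def demo(key_file="chain.pem"):
    """Constructed tree mirroring the post's layout; the default reproduces its key/chain mix-up."""
    d = Path(tempfile.mkdtemp())
    for name, label in (("privkey.pem", "PRIVATE KEY"), ("cert.pem", "CERTIFICATE"), ("chain.pem", "CERTIFICATE")):
        (d / name).write_text(f"-----BEGIN {label}-----\nZHVtbXk=\n-----END {label}-----\n")  # dummy body
    (d / "server.xml").write_text(f'<Server><Service><Connector port="443" SSLEnabled="true"><SSLHostConfig>'
        f'<Certificate certificateKeyFile="{d}/{key_file}" certificateFile="{d}/cert.pem" '
        f'certificateChainFile="{d}/chain.pem" type="RSA"/></SSLHostConfig></Connector></Service></Server>')
    return lint(d / "server.xml", os.getuid(), os.getgid())
```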