I have used the method at Using let's encrypt with tomcat to install certificates for tomcat. Not sure how to renew