Seeking Ubuntu Tomcat8 SSL Guide/Tutorial


Hi guys,
I’m trying to find a HowTo guide or tutorial on LetsEncrypt setup for Apache Tomcat8. So far I have found a lot of help discussion but no complete guide. Can anyone direct me to one?

I have found some guide that shows how to install LetsEncypt on Apache2 Server and then use it as a reverse proxy for Tomcat8. However, I’m not looking for that. I’ll prefer Tomcat Server to run SSL.

I’m looking for the following setting:
Tomcat8 will install the LetsEncrypt certificate that will run on port 8443. This can be either JSSE or APR implementation.

Here are my server details:
Ubuntu 16.04
Tomcat Version: 8.0.32
JVM Version: 1.8.0_181-b13
Target Port to run LetsEncrypt SSL: 8443

Thanks in advance.



Take a look at this blog post please.

Thank you


Thanks for the link.

I did following through the guide I’m getting the error:
“This site can’t be reached
I did change the Connector Port to 8443 from 443 as it was shown in the guide. Anyway, I have also tried port 443 and that didn’t work either.

I have checked my firewall settings and it allows both 8443 and 443.

Note that my Self-Signed certificate works on port 8443, so firewall isn’t the issue. But when I change the server.xml to point to the Let’s Encrypt certificate using the config example given here, I’m getting the ERR_TIMED_OUT error.

This is my server.xml looks like:

<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

    <Resource name="UserDatabase" auth="Container"
              description="User database that can be updated and saved"
              pathname="conf/tomcat-users.xml" />

  <Service name="Catalina">

    <Connector port="8080" protocol="HTTP/1.1"
               redirectPort="8443" />

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
            <Certificate certificateKeyFile="/etc/letsencrypt/live/I-Placed-My-Domain-Here/privkey.pem"
                         type="RSA" />
<Engine name="Catalina" defaultHost="localhost">

      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />


Please note that I know my Let’s Encrypt Certificate works and the path is correct because on Apache2 I get valid certificate when I point the browser to

Thanks in advance for any suggestion.



The server.xml in that blog has the following lines:

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
            <Certificate certificateKeyFile="/etc/letsencrypt/live/YOUR_WEBSITE_HERE/privkey.pem"
                         type="RSA" />

By the way, did you restart the server after make changes those files?

Thank you



The only difference in the config that is in that blog and mine is in the following line:

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"

I replaced port=443 to 8443

I have also tried with port 443 and I get a timeout.

Yes, I restart Tomcat server after every time the config file is changed and I have checked that there are no firewall port blocks (my self signed certificate works on port 8443).

Not sure I’m missing out anything else.



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.