SSL certificate in Ubuntu 20 Tomcat 9 does not work

Hi there, I would like your help; if you can help me I will be very grateful.

I have successfully installed a Let's Encrypt certificate on an Ubuntu 20 distribution using the apache-tomcat 9.0.36 server. Everything seems fine, but in the browser I can't reach my application with the https:// protocol, only with http://. My domain is: mantprev.com

In the configuration file (server.xml) I have included the connector with the certificate file paths:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
              maxThreads="150" SSLEnabled="true" >
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
      <SSLHostConfig>
            <Certificate certificateKeyFile="/etc/letsencrypt/live/mantprev.com/privkey.pem" 
                           certificateFile="/etc/letsencrypt/live/mantprev.com/fullchain.pem" 
                           type="RSA" />
      </SSLHostConfig>
</Connector>

I have checked the catalina log file and everything is OK. But the certificate is not working.

My hosting provider, if applicable, is: linode

Can you help me please?

1 Like

Hi @hmartinez

I don't know how Tomcat works.

But checking your domain:

http://mantprev.com/

https://mantprev.com:8443/

works.

So you have a standard-port 80 / http and a non-standard port 8443 / https.

Looks like you have to use port 443 in your config file.

Port 443 has a blocking answer. Is another program running there? Or is there a firewall?

3 Likes

If you find you can't run on port 443 due to permissions, you may want to consider running apache, nginx or caddy as a reverse proxy (Reverse proxy quick-start — Caddy Documentation). That way Tomcat isn't elevated to root and it doesn't have to fend off random internet attacks all on its own.

1 Like
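The two replies above make one combined point: browsers default to port 443 for https://, and binding 443 needs either root or a reverse proxy in front of Tomcat. The following is an added example (not from the thread or from Tomcat) that audits a server.xml for exactly that: it lists the TLS and plain connectors, checks that each TLS connector references a certificate and key, and flags a missing 443 listener. The sample document embeds the connector posted in the question inside an assumed Server/Service skeleton.

```python
"""Audit a Tomcat server.xml for TLS connectors (added example, offline)."""
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed sample: the Connector from the question, wrapped in the
# Server/Service elements a real server.xml has (skeleton is assumed).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
      <SSLHostConfig>
        <Certificate certificateKeyFile="/etc/letsencrypt/live/mantprev.com/privkey.pem"
                     certificateFile="/etc/letsencrypt/live/mantprev.com/fullchain.pem"
                     type="RSA" />
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>"""


def audit_connectors(server_xml: str) -> Dict[str, List]:
    """Return TLS ports, plain ports and a list of human-readable findings."""
    root = ET.fromstring(server_xml)
    tls_ports: List[int] = []
    plain_ports: List[int] = []
    findings: List[str] = []
    for conn in root.iter("Connector"):
        port = int(conn.get("port", "0"))
        if conn.get("SSLEnabled", "false").lower() != "true":
            plain_ports.append(port)
            continue
        tls_ports.append(port)
        # A TLS connector is useless without a certificate and its private key.
        certs = list(conn.iter("Certificate"))
        if not certs:
            findings.append(f"port {port}: SSLEnabled but no <Certificate> element")
        for cert in certs:
            for attr in ("certificateKeyFile", "certificateFile"):
                if not cert.get(attr):
                    findings.append(f"port {port}: <Certificate> lacks {attr}")
    if 443 not in tls_ports:
        # https://host/ without an explicit port means 443; 8443 only works
        # when typed. Binding 443 directly needs root or CAP_NET_BIND_SERVICE,
        # which is why a reverse proxy on 443 in front of Tomcat is the usual fix.
        findings.append("no TLS connector on 443: use port 443 or a reverse proxy")
    return {"tls_ports": tls_ports, "plain_ports": plain_ports, "findings": findings}


if __name__ == "__main__":
    for line in audit_connectors(SAMPLE_SERVER_XML)["findings"]:
        print("FINDING:", line)
```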

Hi @JuergenAuer, you are right, I have found on the internet the same advice you suggest (use a reverse proxy). Right now I am working on that. I hope everything turns out fine. Thanks for your reply.

2 Likes

Hi @JuergenAuer,
Thanks for replying to my question. About port 443 having a blocking answer: no, there is not another program. I have been browsing to find a solution to this problem, until now without success, but I have learned that SSL with Tomcat has a number of drawbacks that can be managed with a reverse proxy, as @webprofusion advised, so that is what I will try to do. Anyway, thanks for your help.

3 Likes