Using ISPConfig3 LE cert on a Tomcat application on same server as Apache 2.4.x?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: menorpreco.biz

I ran this command:

It produced this output:

My web server is (include version): tomcat 9.0.29 and JVM 11 and apache 2.4.x (worker) with sni and http2 enabled

The operating system my web server runs on is (include version): ubuntu 18.04.1 bionic

My hosting provider, if applicable, is: N/A (firewall open on ports needed)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ISPConfig3.1 latest patch

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.27.0

I am trying to get the ISPConfig3 working SSL certificate (which is issued by Let’s Encrypt via certbot) to work for the https secured version of the Apache OpenMeetings project at the following URL

https://menorpreco.biz:5443/openmeetings

It is accessible, however the OpenMeetings project cannot be used because all the major browsers say the site is insecure.

So, to sum up:
https://menorpreco.biz is properly secured by LE cert issued via certbot controlled by ISPConfig3.1 - this when apache 2.4 is running and serving pages.

however

https://menorpreco.biz:5443/openmeetings is NOT secured - regardless of whether or not apache2 is started - tomcat is serving this page.

Can I use the existing LE certificate for menorpreco.biz (served by apache 2.4.x) for port 5443/openmeetings served by tomcat 9?

I tried creating a symbolic link from the /var/www/clients/client0/web2/ssl/ directory which contains the 3 files generated by LE through certbot and ISPConfig3:
menorpreco.biz-le.crt
menorpreco.biz-le.key
and menorpreco.biz-le.bundle

to /opt/open503/conf/keystore
but that didn’t work - I am new at Java applications, but must get this OpenMeetings software working for a community school that is in lockdown because of the coronavirus so classes can continue from home.

So, can I use the existing LE certificate to secure the same domain served by tomcat 9 on port 5443, and if so, how?

Thank you


Yes, you have to configure Tomcat to use the cert.

Yes, definitely.
Have a look at this tutorial: Tutorial - Java KeyStores (JKS) With Let's Encrypt
And feel free to search the interwebs for other examples, etc.

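An added example, not part of any post in this thread: a symlink to the PEM files does not give Tomcat a keystore, so the certificate, key and chain have to be packed into one. The sketch below builds a PKCS#12 keystore with `openssl`, first checking that the key belongs to the certificate. The function name `pem_to_p12`, the `P12_PASS` variable, the output name `tomcat-le.p12`, and the reading of the `.bundle` file as the intermediate chain are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): build a PKCS#12 keystore for Tomcat
# from the PEM files that certbot/ISPConfig maintain.

# pem_to_p12 CERT KEY CHAIN OUT ALIAS
# The keystore password is read from $P12_PASS so it never appears in argv.
pem_to_p12() {
    local cert="$1" key="$2" chain="$3" out="$4" alias="$5" tmp
    [ -n "${P12_PASS:-}" ] || { echo "P12_PASS is not set" >&2; return 1; }

    # Refuse to continue if the private key does not belong to the
    # certificate (for example, files left over from different renewals).
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key does not match certificate" >&2
        return 1
    fi

    # mktemp creates the file with mode 0600; write there and rename so
    # Tomcat never sees a half-written keystore.
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    if ! P12_PASS="$P12_PASS" openssl pkcs12 -export \
            -in "$cert" -inkey "$key" -certfile "$chain" \
            -name "$alias" -out "$tmp" -passout env:P12_PASS; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$out"
}

# Typical call, as root, using the file names from the question. The output
# name tomcat-le.p12 and the password value are placeholders:
#   ssl=/var/www/clients/client0/web2/ssl
#   P12_PASS='choose-a-password' pem_to_p12 \
#       "$ssl/menorpreco.biz-le.crt" "$ssl/menorpreco.biz-le.key" \
#       "$ssl/menorpreco.biz-le.bundle" /opt/open503/conf/tomcat-le.p12 tomcat
```

The Tomcat connector is then pointed at the resulting file with `keystoreFile`, `keystorePass` and `keystoreType="PKCS12"`, and the file must be readable by the account Tomcat runs as. Because the keystore is a copy rather than a link, it has to be rebuilt and Tomcat restarted after every renewal.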