Using Let's Encrypt in A Shared Environment Service Multiple Customers

Hi @Nephilimi

The article is here: Tutorial - Java KeyStores (JKS) With Let's Encrypt

At the bottom there are a couple of automation scripts as well.

The key takeaways:

A JKS is not a certificate. It’s a store, and as such you can have multiple certificates in one store.
You can have either SAN or single-domain certificates.
You should import the intermediate into each JKS you are going to work with.
Depending on how your Tomcat is set up, you can use the JKS from the Tomcat webconfig.server file or within Java (you need to find out which one).
I would suggest keeping the master JKS on your certbot server and then, when new certs are obtained, copying it to the customers' servers (rather than trying to work with JKS files on each customer server and copying CSRs and certs back and forwards).

Andrei
