So, finally sorted! Tomcat tamed!
I used this tutorial
- Since I have certifcates and a private key already, I do not have to get new ones.
- Althouth cerbot-auto was used (which I suspect is depricated) just certbot could be used if certs and key are needed.
- Just need to setup cronjob to automate cert's renewal, exporting certs and privkey, and importing pkcs12 into keystore.
Really appreciate you guys' effort! Thanks a lot!