Simplest guide to configuring Tomcat to use HTTPS with Let's Encrypt's free cert
Suppose you have already generated a standalone cert with the certbot command and it lives under /etc/letsencrypt/live/. If not, follow this guide first: https://www.digitalocean.com/community/tutorials/how-to-use-certbot-standalone-mode-to-retrieve-let-s-encrypt-ssl-certificates-on-ubuntu-16-04
Run the following openssl command. It prompts for an export password; remember it, because the same password is used as the keystore password in the next step and in server.xml.
openssl pkcs12 -export -out /tmp/tomcat.quantr.hk_fullchain_and_key.p12 \
    -in /etc/letsencrypt/live/quantr.hk-0001/fullchain.pem \
    -inkey /etc/letsencrypt/live/quantr.hk-0001/privkey.pem \
    -name tomcat
Then convert the PKCS12 bundle into a JKS keystore. Use the same <password> everywhere: -srcstorepass must be the export password you just typed, and Tomcat uses certificateKeystorePassword for the key as well unless you set certificateKeyPassword separately.

keytool -importkeystore \
    -deststorepass <password> -destkeypass <password> \
    -destkeystore /tmp/tomcat.quantr.hk.jks \
    -srckeystore /tmp/tomcat.quantr.hk_fullchain_and_key.p12 -srcstoretype PKCS12 \
    -srcstorepass <password> \
    -alias tomcat

This step is optional on Tomcat 8.5 and later, which read the .p12 directly if you add certificateKeystoreType="PKCS12" to the Certificate element below. If keytool refuses a .p12 produced by OpenSSL 3 (older JDKs do not understand its default encryption algorithms), re-export it with the -legacy option of openssl pkcs12.
cp /tmp/tomcat.quantr.hk.jks /home/tomcat.quantr.hk/apache-tomcat-9.0.29/conf
chmod o-rwx /home/tomcat.quantr.hk/apache-tomcat-9.0.29/conf/tomcat.quantr.hk.jks

The keystore contains your private key, so it must be readable only by the user Tomcat runs as. Remove the two copies left in /tmp once Tomcat is up.
Edit Tomcat's conf/server.xml. A single connector serving port 8443 is enough; you do not need any other connector:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/tomcat.quantr.hk.jks"
                     certificateKeystorePassword="<password>"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

The password is stored in server.xml in clear text, so restrict that file the same way as the keystore. type="RSA" matches the RSA key certbot issued here; if certbot gave you an ECDSA key (the default in recent certbot releases), use type="EC" or leave the attribute out.
Restart Tomcat and you are done. Keep in mind that Let's Encrypt certificates are valid for only 90 days, so the keystore has to be rebuilt and Tomcat restarted after every renewal; certbot's --deploy-hook is the place to automate that. The virtual host below forwards HTTPS connections from Apache to Tomcat. It is optional and only needed if Apache is your public-facing server.
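As an added example that is not part of the original guide, here is a certbot deploy hook that automates the conversion above so the keystore is rebuilt every time certbot renews the certificate. It writes a PKCS12 keystore (which Tomcat 9 loads directly when the Certificate element has certificateKeystoreType="PKCS12", so the keytool step is skipped), refuses to bundle a privkey.pem that does not belong to fullchain.pem, creates the file with mode 0600 and moves it into place atomically. The Tomcat directory is the one from the guide; the password file /etc/tomcat-keystore.pass, the "tomcat" user and the "tomcat" systemd unit are assumptions to adapt to your host.

```shell
#!/bin/sh
# Added example: certbot deploy hook that rebuilds Tomcat's keystore after each renewal.
# Install as /etc/letsencrypt/renewal-hooks/deploy/tomcat-keystore.sh (mode 0700) or pass
# it with certbot --deploy-hook. Paths other than the Tomcat directory are assumptions.
set -eu

CATALINA_BASE="${CATALINA_BASE:-/home/tomcat.quantr.hk/apache-tomcat-9.0.29}"
KEYSTORE="${KEYSTORE:-$CATALINA_BASE/conf/tomcat.quantr.hk.p12}"
# Assumed root-only file holding the keystore password, so the password is never put on
# a command line where `ps` or the shell history would show it.
PASSFILE="${PASSFILE:-/etc/tomcat-keystore.pass}"

# build_keystore LIVE_DIR OUT_FILE PASSWORD
# Bundles LIVE_DIR/fullchain.pem and LIVE_DIR/privkey.pem into a PKCS12 keystore under the
# alias "tomcat" (same -name as in the guide), created 0600 and renamed into place.
build_keystore() {
    live_dir=$1; out=$2; pass=$3
    for f in fullchain.pem privkey.pem; do
        [ -r "$live_dir/$f" ] || { echo "build_keystore: cannot read $live_dir/$f" >&2; return 1; }
    done
    # The private key must belong to the leaf certificate. Comparing the public keys works
    # for both RSA and ECDSA keys, unlike the classic RSA-only -modulus comparison.
    cert_pub=$(openssl x509 -in "$live_dir/fullchain.pem" -noout -pubkey)
    key_pub=$(openssl pkey -in "$live_dir/privkey.pem" -pubout)
    [ "$cert_pub" = "$key_pub" ] || { echo "build_keystore: privkey.pem does not match fullchain.pem" >&2; return 1; }
    tmp="$out.tmp.$$"
    # umask in a subshell so the 0600 restriction does not leak into the rest of the script;
    # the password reaches openssl through the environment, not the argument list.
    ( umask 077
      KS_PASS=$pass openssl pkcs12 -export -name tomcat \
          -in "$live_dir/fullchain.pem" -inkey "$live_dir/privkey.pem" \
          -out "$tmp" -passout env:KS_PASS ) || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$out"
}

# keystore_subject FILE PASSWORD
# Prints the subject of the certificate stored with the key. It fails on a wrong password,
# so it doubles as a check that the file Tomcat is about to load is actually usable.
keystore_subject() {
    KS_PASS=$2 openssl pkcs12 -in "$1" -passin env:KS_PASS -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -subject
}

# certbot exports RENEWED_LINEAGE (the renewed lineage's live directory) to deploy hooks.
# Without it the script only defines the functions above, so it can also be sourced.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_keystore "$RENEWED_LINEAGE" "$KEYSTORE" "$(cat "$PASSFILE")"
    chown tomcat: "$KEYSTORE"          # assumption: Tomcat runs as the "tomcat" user
    keystore_subject "$KEYSTORE" "$(cat "$PASSFILE")" >/dev/null
    systemctl restart tomcat           # assumption: Tomcat runs under a systemd unit "tomcat"
fi
```

With this hook in place the Certificate element points at conf/tomcat.quantr.hk.p12 with certificateKeystoreType="PKCS12", and the password in server.xml must match the contents of the password file.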
<VirtualHost *:443>
    ServerName tomcat.quantr.hk

    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/quantr.hk-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/quantr.hk-0001/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    ProxyRequests Off
    ProxyPreserveHost On
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    ProxyPass / https://localhost:8443/
    ProxyPassReverse / https://localhost:8443/

    ErrorLog ${APACHE_LOG_DIR}/tomcat.quantr.hk-error.log
    CustomLog ${APACHE_LOG_DIR}/tomcat.quantr.hk-access.log common
</VirtualHost>

This needs mod_ssl, mod_proxy and mod_proxy_http enabled. The three SSLProxy* directives turn off verification of Tomcat's certificate; that is tolerable only because the backend is on loopback (the cert is for tomcat.quantr.hk but Apache connects to localhost, so the name check would fail). Never use them against a backend on another host, where they would let anyone on the network path impersonate Tomcat.