tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier (tomcat)>
Subject Re: Am I reinventing the wheel to get letsencrypt certs for Tomcat
Date Fri, 27 Oct 2017 13:29:12 GMT
On 27.10.2017 15:05, Don Flinn wrote:
> Hi Andre,
> I have looked and it may be my ignorance but I didn't find any that seemed
> to fit.  I'll look more closely at the available letsencrypt clients.

It is certainly more my own ignorance, rather than yours. I was only pointing out the 
obvious, since a fair number of people who post questions here seem to not bother doing 
their own homework first, and neglect obvious sources of information such as the WWW or 
the Tomcat FAQ.

Your proposal solution below sounds very nice, and would certainly be of immense help to 
SSL/HTTPS dummies such as myself.
I'm out of my depth already, but on this forum, Christopher may be the person most able to

provide thoughtful and competent comments regarding such matters.
I guess he'll be in shortly, being on the same oceanic side as you are (or seem to be; one

never really knows these days).

> With letsencrypt you first have to authenticate, i.e. show you own the
> site, by letsencrypt logging into your site, e.g. Tomcat and checking a
> token.  Then the Java program can get the letsencrypt certificate.  There
> are two different addresses Tomcat on AWS and the node, which is running
> the Java program.
> I've set Tomcat to listen on port 80 and put the directory structure they
> want in Tomcat ROOT.  The Java program, running on my node, gets the
> letsencrypt authentication token and ftp's it to Tomcat
> ROOT/.well-known/acme-challenge, which is the directory structure they
> expect. letsencryt then authenticates the token which is in Tomcat, by
> retrieving it . The program lets letsencrypt know when the ftp is done  The
> Java program then retrieves the certificate from letsencrypt, puts it in a
> keystore, ftp's the keystore to AWS in the directory in which I've set
> Tomcat to look for the keystore.  It's all done from the one Java program,
> which I can run from my node.  I have yet to incorporate programically
> inserting the certificate into the keystore.  All the other steps are
> working.  It needs testing and doing the update of the certificate, which
> is pretty much the same steps as already programmed.
> Don
> On Fri, Oct 27, 2017 at 7:26 AM, André Warnier (tomcat) <>
> wrote:
>> On 27.10.2017 13:22, Don Flinn wrote:
>>> I am writing a Java program to get a certificate from letsencrypt put it
>>> in
>>> a keystore and ftp it to my Tomcat 9 or any version running on Amazon Web
>>> Services or any place you can fip to.  I intended to contribute it to
>>> Tomcat users.  It's about 80% done. I am able to get the letsencrypt
>>> certificate and do the ftping.   Recent mail indicates that this has
>>> already been done.  If so how can I get the existing code?  No sense
>>> duplicating existing work.
>>> Indeed.
>> Searching Google for "tomcat letsencrypt" seems to get a number of hits.
>> Did you look at them ?
>> (I haven't)
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message