tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Don Flinn <>
Subject Re: Am I reinventing the wheel to get letsencrypt certs for Tomcat
Date Fri, 27 Oct 2017 13:05:02 GMT
Hi Andre,

I have looked and it may be my ignorance but I didn't find any that seemed
to fit.  I'll look more closely at the available letsencrypt clients.

With letsencrypt you first have to authenticate, i.e. show you own the
site, by letsencrypt logging into your site, e.g. Tomcat and checking a
token.  Then the Java program can get the letsencrypt certificate.  There
are two different addresses Tomcat on AWS and the node, which is running
the Java program.

I've set Tomcat to listen on port 80 and put the directory structure they
want in Tomcat ROOT.  The Java program, running on my node, gets the
letsencrypt authentication token and ftp's it to Tomcat
ROOT/.well-known/acme-challenge, which is the directory structure they
expect. letsencryt then authenticates the token which is in Tomcat, by
retrieving it . The program lets letsencrypt know when the ftp is done  The
Java program then retrieves the certificate from letsencrypt, puts it in a
keystore, ftp's the keystore to AWS in the directory in which I've set
Tomcat to look for the keystore.  It's all done from the one Java program,
which I can run from my node.  I have yet to incorporate programically
inserting the certificate into the keystore.  All the other steps are
working.  It needs testing and doing the update of the certificate, which
is pretty much the same steps as already programmed.


On Fri, Oct 27, 2017 at 7:26 AM, André Warnier (tomcat) <>

> On 27.10.2017 13:22, Don Flinn wrote:
>> I am writing a Java program to get a certificate from letsencrypt put it
>> in
>> a keystore and ftp it to my Tomcat 9 or any version running on Amazon Web
>> Services or any place you can fip to.  I intended to contribute it to
>> Tomcat users.  It's about 80% done. I am able to get the letsencrypt
>> certificate and do the ftping.   Recent mail indicates that this has
>> already been done.  If so how can I get the existing code?  No sense
>> duplicating existing work.
>> Indeed.
> Searching Google for "tomcat letsencrypt" seems to get a number of hits.
> Did you look at them ?
> (I haven't)
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message