Subject: Re: Am I reinventing the wheel to get letsencrypt certs for Tomcat
To: users@tomcat.apache.org
References: <59F31800.8040406@ice-sa.com>
From: André Warnier (tomcat)
Message-ID: <59F334A8.3060503@ice-sa.com>
Date: Fri, 27 Oct 2017 15:29:12 +0200

On 27.10.2017 15:05, Don Flinn wrote:
> Hi Andre,
>
> I have looked and it may be my ignorance but I didn't find any that seemed
> to fit. I'll look more closely at the available letsencrypt clients.

It is certainly more my own ignorance, rather than yours.
I was only pointing out the obvious, since a fair number of people who post questions here seem to not bother doing their own homework first, and neglect obvious sources of information such as the WWW or the Tomcat FAQ.
Your proposed solution below sounds very nice, and would certainly be of immense help to SSL/HTTPS dummies such as myself.
I'm out of my depth already, but on this forum, Christopher may be the person most able to provide thoughtful and competent comments regarding such matters.
I guess he'll be in shortly, being on the same oceanic side as you are (or seem to be; one never really knows these days).
>
> With letsencrypt you first have to authenticate, i.e. show you own the
> site, by letsencrypt logging into your site, e.g. Tomcat and checking a
> token. Then the Java program can get the letsencrypt certificate. There
> are two different addresses, Tomcat on AWS and the node, which is running
> the Java program.
>
> I've set Tomcat to listen on port 80 and put the directory structure they
> want in Tomcat ROOT. The Java program, running on my node, gets the
> letsencrypt authentication token and ftp's it to Tomcat
> ROOT/.well-known/acme-challenge, which is the directory structure they
> expect. letsencrypt then authenticates the token which is in Tomcat, by
> retrieving it. The program lets letsencrypt know when the ftp is done. The
> Java program then retrieves the certificate from letsencrypt, puts it in a
> keystore, and ftp's the keystore to AWS in the directory in which I've set
> Tomcat to look for the keystore. It's all done from the one Java program,
> which I can run from my node. I have yet to incorporate programmatically
> inserting the certificate into the keystore. All the other steps are
> working. It needs testing and doing the update of the certificate, which
> is pretty much the same steps as already programmed.
>
> Don
>
> On Fri, Oct 27, 2017 at 7:26 AM, André Warnier (tomcat) wrote:
>
>> On 27.10.2017 13:22, Don Flinn wrote:
>>
>>> I am writing a Java program to get a certificate from letsencrypt, put it
>>> in a keystore and ftp it to my Tomcat 9 or any version running on Amazon Web
>>> Services or any place you can ftp to. I intended to contribute it to
>>> Tomcat users. It's about 80% done. I am able to get the letsencrypt
>>> certificate and do the ftping. Recent mail indicates that this has
>>> already been done. If so how can I get the existing code? No sense
>>> duplicating existing work.
>>>
>> Indeed.
>> Searching Google for "tomcat letsencrypt" seems to get a number of hits.
>> Did you look at them?
>> (I haven't)
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
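The exchange Don describes above (a token placed under Tomcat ROOT/.well-known/acme-challenge, Let's Encrypt fetching it over plain HTTP on port 80, then the certificate being issued) is the ACME HTTP-01 challenge of RFC 8555. As an added Python example that is not code from this thread or from Don's Java program, the following models both sides offline: an in-memory dict stands in for Tomcat ROOT, the account JWK and token are constructed values, and the client refuses any token that is not base64url before turning it into a file name, which is the check a program that copies challenge files into a webroot should make.

```python
import hashlib
import json
import re
from base64 import urlsafe_b64encode

# RFC 8555 s8.3: a challenge token is base64url text. Anything else is rejected
# before it becomes a path component under ROOT/.well-known/acme-challenge.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")
CHALLENGE_DIR = ".well-known/acme-challenge"

def b64url(data: bytes) -> str:
    """base64url without '=' padding, the encoding ACME uses throughout."""
    return urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 of the required JWK members only, keys sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    """The exact text the CA expects to read back: <token>.<account key thumbprint>."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not base64url; refusing to use it as a file name")
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def publish(webroot: dict, token: str, account_jwk: dict) -> str:
    """Client side: write the key authorization where the CA will look (webroot stands in for Tomcat ROOT)."""
    path = f"{CHALLENGE_DIR}/{token}"
    webroot[path] = key_authorization(token, account_jwk)
    return path

def validate(webroot: dict, token: str, account_jwk: dict) -> bool:
    """CA side: GET the token path over HTTP and compare; trailing whitespace is ignored per RFC 8555."""
    served = webroot.get(f"{CHALLENGE_DIR}/{token}")
    return served is not None and served.rstrip() == key_authorization(token, account_jwk)

# Constructed sample account key: "n" is not a real modulus, only the thumbprint arithmetic matters here.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-not-a-real-modulus_AAAA"}

if __name__ == "__main__":
    root = {}  # in-memory stand-in for the Tomcat ROOT web application directory
    token = "constructedToken_-123"  # constructed, not issued by any CA
    publish(root, token, SAMPLE_JWK)
    print("challenge would validate:", validate(root, token, SAMPLE_JWK))
```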