On Sat, Dec 26, 2020 at 6:46 PM John Larsen
wrote:
> This is why we set up SSL through the web server instead of tomcat.
> Apache webserver -> SSL -> Mod_jk <-> Tomcat
>
It might be easier to install but performance-wise it doesn't make sense.
If you care about performances, I think you should m
If you set up tomcat manager up, you can reload certificate with something
like
Stop Connector – curl http://localhost:8080/manager/jmxproxy?invoke=Catalina
%3Atype%3DConnector%2Cport%3D8443&op=stop
Start Connector – curl http://localhost:8080/manager/jmxproxy?invoke=Catalina
%3Atype%3DConnector%2C
This is why we set up SSL through the web server instead of tomcat.
Apache webserver -> SSL -> Mod_jk <-> Tomcat
John Larsen
On Sat, Dec 26, 2020 at 10:43 AM Jerry Malcolm
wrote:
> We have a production environment where we rarely reboot Tomcat.
> LetsEncrypt auto-updates the certificates ever
We have a production environment where we rarely reboot Tomcat.
LetsEncrypt auto-updates the certificates every couple of months. But
the new certificates are not loaded into Tomcat. So when the original
expiration date of the certs arrives, users get "certificate expired"
even though new cert
