Hi Andre, I have looked and it may be my ignorance but I didn't find any that seemed to fit. I'll look more closely at the available letsencrypt clients.
With letsencrypt you first have to authenticate, i.e. show you own the site, by letsencrypt logging into your site, e.g. Tomcat and checking a token. Then the Java program can get the letsencrypt certificate. There are two different addresses Tomcat on AWS and the node, which is running the Java program. I've set Tomcat to listen on port 80 and put the directory structure they want in Tomcat ROOT. The Java program, running on my node, gets the letsencrypt authentication token and ftp's it to Tomcat ROOT/.well-known/acme-challenge, which is the directory structure they expect. letsencryt then authenticates the token which is in Tomcat, by retrieving it . The program lets letsencrypt know when the ftp is done The Java program then retrieves the certificate from letsencrypt, puts it in a keystore, ftp's the keystore to AWS in the directory in which I've set Tomcat to look for the keystore. It's all done from the one Java program, which I can run from my node. I have yet to incorporate programically inserting the certificate into the keystore. All the other steps are working. It needs testing and doing the update of the certificate, which is pretty much the same steps as already programmed. Don On Fri, Oct 27, 2017 at 7:26 AM, André Warnier (tomcat) <a...@ice-sa.com> wrote: > On 27.10.2017 13:22, Don Flinn wrote: > >> I am writing a Java program to get a certificate from letsencrypt put it >> in >> a keystore and ftp it to my Tomcat 9 or any version running on Amazon Web >> Services or any place you can fip to. I intended to contribute it to >> Tomcat users. It's about 80% done. I am able to get the letsencrypt >> certificate and do the ftping. Recent mail indicates that this has >> already been done. If so how can I get the existing code? No sense >> duplicating existing work. >> >> Indeed. > Searching Google for "tomcat letsencrypt" seems to get a number of hits. > Did you look at them ? > (I haven't) > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
