Here is a mostly manual process for integration of certbot with tomcat 7.x.x. This presupposes you have certbot installed and working (I'm using Debian):
--------------------------------------------------------------------------------------
// generate the certificates
./certbot-auto certonly --webroot -w /path/to/certbotauth/
// paste in domain1.com domain2.com domain3.com domainN.com

// convert key format
openssl pkcs12 -export -out gbsapp-bundle.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:keystorepass

// change folders into the directory where the cert was generated
cd /etc/letsencrypt/live/primarydomain.com/

// copy key and change permissions
cp bundlename-bundle.pfx /pathtotomcat/apache-tomcat-7.x.x/conf/

Here is what I'm using to handle the certbot challenge in my custom MVC:
--------------------------------------------------------------------------------------------------
if (request.getPathInfo().indexOf("acme-challenge") > 0) {
    // certbot request
    // todo - further validate authenticity of request
    // example: /.well-known/acme-challenge/Z9kDHD-PDvjAPT6pUaeGCoNP2f-GNoLFpXOKoAA_58k:
    String certAuthRoot = "certbot/auth/folder/path";
    log.info("Cert bot challenge detected.");
    File file = new File(certAuthRoot + request.getPathInfo());
    FileInputStream fis = new FileInputStream(file);
    try {
        // copy the challenge file to the response byte by byte
        OutputStream os = response.getOutputStream();
        int fileContents;
        while ((fileContents = fis.read()) != -1) {
            os.write(fileContents);
        }
        os.flush();
    } finally {
        // close the stream even if the copy fails
        fis.close();
    }
    return;
}

Hope this helps,

John

On 4/17/19, Sean Dawson <seandawson2...@gmail.com> wrote:
> On Wed, Apr 17, 2019 at 9:20 AM Sean Dawson <seandawson2...@gmail.com>
> wrote:
>
>>
>> Hello, I have a wildcard certificate from GoDaddy. Can I use this with
>> Tomcat? (8.5)
>>
>> I have the files crt (primary certificate?), p7b (intermediate?), pfx
>> (private key?), and a .key file. I did not generate a certificate request
>> prior to this.
>>
>> Google is telling me that either I need to generate a certificate request
>> first, or it's telling everything I need to know about wildcard
>> certificates except how to use the above files.
>>
>> This is for Tomcat 8.5 with Java 8 on CentOS 7, and Windows Server 2016.
>>
>> Thank you.
>>
>>
> Ok just for others' benefit if they want to go this way, I was able to get
> it working by concatenating the .key and the .crt file into one .pem. Then
> do this:
>
> openssl pkcs12 -export -in combined.pem -out cert.p12
>
> And then this:
>
> keytool -importkeystore -srckeystore cert.p12 -srcstoretype pkcs12 -destkeystore cert.jks
>
> (from this page:
> https://stackoverflow.com/questions/22296312/convert-certificate-from-pem-into-jks
> )
>
> Sorry for the earlier top posting.
>
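
An added example, not part of the original post or of Tomcat: one way to fill in the "further validate" todo in the challenge handler above, by accepting only the `/.well-known/acme-challenge/<token>` shape and confirming the resolved file stays inside the webroot. The class name, method name and sample paths are assumptions; `resolve()` would replace `new File(certAuthRoot + request.getPathInfo())`.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: class and method names are hypothetical, not from the post.
public class AcmeChallengeResolver {
    // ACME tokens use only the base64url alphabet (RFC 8555), so a path with
    // '/', '.', '%' or '\' in the token position is refused before any disk access.
    private static final Pattern CHALLENGE =
            Pattern.compile("/\\.well-known/acme-challenge/([A-Za-z0-9_-]{1,128})");

    /** Returns the challenge file for pathInfo, or null if the request must be refused. */
    static Path resolve(Path webroot, String pathInfo) throws IOException {
        if (pathInfo == null) return null;           // getPathInfo() may return null
        Matcher m = CHALLENGE.matcher(pathInfo);
        if (!m.matches()) return null;               // whole string must match
        Path dir = webroot.resolve(".well-known").resolve("acme-challenge");
        Path file = dir.resolve(m.group(1));
        if (!Files.isRegularFile(file)) return null; // unknown token
        // Defence in depth: follow symlinks and confirm we are still inside dir.
        Path real = file.toRealPath();
        return real.startsWith(dir.toRealPath()) ? real : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary webroot holding one token file.
        Path webroot = Files.createTempDirectory("certbotauth");
        Path dir = Files.createDirectories(webroot.resolve(".well-known/acme-challenge"));
        String token = "Z9kDHD-PDvjAPT6pUaeGCoNP2f-GNoLFpXOKoAA_58k";
        Files.write(dir.resolve(token), "constructed-key-authorization".getBytes("US-ASCII"));
        Files.write(webroot.resolve("secret.txt"), "not for clients".getBytes("US-ASCII"));

        String[] requests = {
            "/.well-known/acme-challenge/" + token,          // served
            "/.well-known/acme-challenge/../../secret.txt",  // refused: not a token
            "/x/acme-challenge/../../secret.txt",            // refused: wrong prefix
            "/.well-known/acme-challenge/unknown_token",     // refused: no such file
        };
        for (String r : requests) {
            System.out.println((resolve(webroot, r) != null ? "SERVE   " : "REFUSE  ") + r);
        }
    }
}
```

The second and third sample requests both contain "acme-challenge" at an index greater than 0, so a substring check alone would pass them to the file read.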