Ladies and Gentlemen:

The server that had me tearing my hair out has now been entirely switched over to Let's Encrypt, and it's working quite well, so far. Thanks to everybody on this List, on the Orange County Linux User Group List, on Server Fault, and on the Bitnami support board, who assisted.

In particular, thanks to Christopher Schultz. It is always good to be able to stand upon the shoulders of a giant.

Some things I learned that may be of use to others:

1. If one is unable to get Certbot to work in a given situation, Lego may be a viable alternative. It does, however, require a brief server shutdown to run, as it does need to take over the ports while operating.

2. If one is having trouble getting Lego to work when you have ports mapped (e.g., 8443 appearing as 443 from the outside via iptables), adding "--http.port :80" and/or "--tls.port :8443" to the lego invocation may help.

3. If one is having trouble getting Tomcat to use .crt and .key files, it is not difficult to turn them into a PKCS12 keystore, which Tomcat can then use. (Again, thanks, Mr. Schultz!)

--
James H. H. Lampert
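
Item 3 above, as an added example that is not part of the original message: bundling a PEM certificate and key into a PKCS12 keystore with the `openssl` command line, after checking that the key actually belongs to the certificate. The choice of `openssl`, the function names, file names, alias and password are all assumptions made for illustration; the sample certificate is generated on the spot.

```shell
#!/bin/sh
# Added example. File names, alias and password below are constructed.

# make_sample_pair DIR: throwaway self-signed cert/key plus an unrelated key,
# standing in for the .crt and .key files an ACME client leaves behind.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# make_p12 CERT KEY OUT PASSWORD [ALIAS]
make_p12() {
    cert=$1; key=$2; out=$3; pass=$4; name=${5:-tomcat}
    # Check up front that the key belongs to the certificate by comparing
    # the public key derived from each.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout) || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "make_p12: $key does not match $cert" >&2
        return 1
    fi
    # umask 077: the keystore contains the private key.
    # env: keeps the password out of the process argument list.
    ( umask 077
      P12_PASS=$pass openssl pkcs12 -export -in "$cert" -inkey "$key" \
          -name "$name" -out "$out" -passout env:P12_PASS )
}

# p12_subject P12 PASSWORD: print the subject of the certificate in the keystore.
p12_subject() {
    P12_PASS=$2 openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts \
        2>/dev/null | openssl x509 -noout -subject
}

# demo: good pair bundles and reads back; mismatched key is refused.
demo() {
    d=$(mktemp -d) || return 1
    make_sample_pair "$d" &&
    make_p12 "$d/site.crt" "$d/site.key" "$d/site.p12" "sample-password" &&
    p12_subject "$d/site.p12" "sample-password" &&
    ! make_p12 "$d/site.crt" "$d/other.key" "$d/bad.p12" "sample-password"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

The password passed to `make_p12` is the one the server configuration must later be given to open the keystore.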

