If you set up Tomcat manager, you can reload the certificate with something like:

Stop Connector –
curl "http://localhost:8080/manager/jmxproxy?invoke=Catalina%3Atype%3DConnector%2Cport%3D8443&op=stop"

Start Connector –
curl "http://localhost:8080/manager/jmxproxy?invoke=Catalina%3Atype%3DConnector%2Cport%3D8443&op=start"

(source: http://people.apache.org/~schultz/ApacheCon%20NA%202017/Let's%20Encrypt%20Apache%20Tomcat.pdf )
This is probably faster than rebooting the whole Tomcat; I haven't tried it. This looks imperfect as hell. Honestly, I thought that a reloadAfterNDays param in server.xml would be better, but admins didn't have an understanding of this topic.

On Sat, Dec 26, 2020 at 6:49 PM Jerry Malcolm <techst...@malcolms.com> wrote:

> We have a production environment where we rarely reboot Tomcat.
> LetsEncrypt auto-updates the certificates every couple of months. But
> the new certificates are not loaded into Tomcat. So when the original
> expiration date of the certs arrives, users get "certificate expired"
> even though new certs exist. A simple reboot to load the new certs
> fixes it. But we want to avoid reboots. Are there any config
> parameters that tell TC to check for cert updates and reload the new
> certs? Thx
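
The stop/start sequence from the reply above, as an added example that is not part of the original thread or of Tomcat itself: it bounces the connector only when the certificate on disk differs from the one port 8443 is serving. Assumptions: the manager account has the manager-jmx role, its credentials are in the hypothetical environment variables TOMCAT_USER and TOMCAT_PASS, the certificate path is passed as the first argument, and the two sample PEMs are constructed placeholders.

```python
import base64, hashlib, os, ssl, sys, urllib.parse, urllib.request

MANAGER = "http://localhost:8080/manager/jmxproxy"  # URL from the message
CONNECTOR = "Catalina:type=Connector,port=8443"     # MBean name from the message
HEADER, FOOTER = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

# Constructed sample PEMs (not real certificates), used only to exercise the logic.
OLD_PEM = ssl.DER_cert_to_PEM_cert(b"constructed old cert")
NEW_PEM = ssl.DER_cert_to_PEM_cert(b"constructed new cert")

def jmx_url(op):
    """Build the jmxproxy invoke URL; urlencode escapes ':', '=' and ','."""
    return MANAGER + "?" + urllib.parse.urlencode({"invoke": CONNECTOR, "op": op})

def fingerprint(pem):
    """SHA-256 of the first certificate in a PEM string (the leaf in a chain file)."""
    start = pem.index(HEADER)
    end = pem.index(FOOTER, start) + len(FOOTER)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem[start:end])).hexdigest()

def needs_reload(disk_pem, live_pem):
    """True when the renewed file on disk is not what the connector serves."""
    return fingerprint(disk_pem) != fingerprint(live_pem)

def bounce_connector(user, password):
    """Invoke stop, then start, on the connector through the manager's JMX proxy."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    for op in ("stop", "start"):
        req = urllib.request.Request(jmx_url(op),
                                     headers={"Authorization": "Basic " + token})
        with urllib.request.urlopen(req, timeout=30) as resp:
            body = resp.read().decode(errors="replace")
        # The proxy answers in plain text; anything not starting with "OK" is a failure.
        if not body.startswith("OK"):
            raise RuntimeError(f"{op} failed: {body.strip()}")

if __name__ == "__main__":
    with open(sys.argv[1]) as fh:            # path to the renewed certificate file
        disk = fh.read()
    # Fetch the served certificate without validating it (it may already be expired).
    live = ssl.get_server_certificate(("localhost", 8443))
    if needs_reload(disk, live):
        bounce_connector(os.environ["TOMCAT_USER"], os.environ["TOMCAT_PASS"])
        live = ssl.get_server_certificate(("localhost", 8443))
        if needs_reload(disk, live):
            sys.exit("connector restarted but still serves the old certificate")
```

Run from cron or a renewal hook, the final check turns a silent failure to pick up the new certificate into a non-zero exit that monitoring can catch before the old certificate expires.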