Jerry, the quotes were messed up.
See the correct command below inline. > Am 28.12.2020 um 11:10 schrieb logo <[email protected]>: > > Jerry, > > Try this after regenerating the LE certs > > curl -u <user> > "https://localhost:8443/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=8443&op=reloadSslHostConfigs > > <https://localhost:8443/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=8443&op=reloadSslHostConfigs>" > > for all domains or > > curl -u <user> > "https://localhost:8443/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=8443&op=reloadSslHostConfig&ps=<domain > to reload>" > > for just the needed domain. > > Adjust the port to your SSL-Connector. > > Add a <user> to tomcat-users.xml > <user username="<user>" password="<passwd>" roles="manager-jmx"/> > > Beware not to open the Manager App to the public - just localhost. > > HTH > > Peter > > >> Am 26.12.2020 um 18:42 schrieb Jerry Malcolm <[email protected]>: >> >> We have a production environment where we rarely reboot Tomcat. LetsEncrypt >> auto-updates the certificates every couple of months. But the new >> certificates are not loaded into Tomcat. So when the original expiration >> date of the certs arrives, users get "certificate expired" even though new >> certs exist. A simple reboot to load the new certs fixes it. But we want >> to avoid reboots. Are there any config parameters that tell TC to check for >> cert updates and reload the new certs? Thx >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] >
