Thanks for the info. I'll try to figure out a way to integrate this.
The problem is that I don't really know when the certs get regen'd. I
have a daily cron job that calls certbot to renew. But it only renews
when it decides it's time to renew. TC is so good about monitoring
other folders for changes such as war files, jar files, etc and
automatically refreshing when it detects a file update. I was just
hoping that there was something buried inside TC that I had missed that
tells TC to monitor the certs and refresh if the certs are updated.
On 12/28/2020 4:12 AM, logo wrote:
Jerry,
the quotes were messed up.
See the correct command below inline.
On 28.12.2020 at 11:10, logo <l...@kreuser.name> wrote:
Jerry,
Try this after regenerating the LE certs
curl -u <user> "https://localhost:8443/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=8443&op=reloadSslHostConfigs"
for all domains or
curl -u <user> "https://localhost:8443/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=8443&op=reloadSslHostConfig&ps=<domain to reload>"
for just the needed domain.
Adjust the port to your SSL-Connector.
Add a <user> to tomcat-users.xml
<user username="<user>" password="<passwd>" roles="manager-jmx"/>
Beware not to open the Manager App to the public - just localhost.
HTH
Peter
On 26.12.2020 at 18:42, Jerry Malcolm <techst...@malcolms.com> wrote:
We have a production environment where we rarely reboot Tomcat. LetsEncrypt auto-updates
the certificates every couple of months. But the new certificates are not loaded into
Tomcat. So when the original expiration date of the certs arrives, users get
"certificate expired" even though new certs exist. A simple reboot to load the
new certs fixes it. But we want to avoid reboots. Are there any config parameters that
tell TC to check for cert updates and reload the new certs? Thx
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
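
One way to tie the reload to the moment a certificate is actually renewed, as an added example that is not part of the original messages: certbot runs deploy hooks only after a successful renewal, so the jmxproxy call from the thread can live in one. The hook file name, the netrc path, the environment variable names and the function names are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook, e.g. saved as
# /etc/letsencrypt/renewal-hooks/deploy/tomcat-reload.sh (file name is an assumption).

HOST="${TOMCAT_HOST:-localhost}"    # name curl connects to; it must be covered by the
                                    # certificate or TLS verification fails
PORT="${TOMCAT_SSL_PORT:-8443}"     # SSL connector port, as in the thread
# Assumed path, mode 600, containing: machine <host> login <user> password <passwd>
NETRC="${TOMCAT_NETRC:-/etc/tomcat/reload.netrc}"

# Build the jmxproxy URL. Without a third argument every SSLHostConfig on the
# connector is reloaded; with one, only the named host config.
reload_url() {
    host=$1 port=$2 host_config=${3:-}
    base="https://${host}:${port}/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=${port}"
    if [ -z "$host_config" ]; then
        printf '%s&op=reloadSslHostConfigs\n' "$base"
    else
        printf '%s&op=reloadSslHostConfig&ps=%s\n' "$base" "$host_config"
    fi
}

# jmxproxy answers with a line starting "OK" on success and "Error" on failure.
reload_succeeded() {
    case $1 in
        OK*) return 0 ;;
        *)   return 1 ;;
    esac
}

main() {
    url=$(reload_url "$HOST" "$PORT")
    # --netrc-file keeps the manager-jmx password out of the process list and cron mail.
    body=$(curl --silent --show-error --fail --max-time 30 \
                --netrc-file "$NETRC" "$url") || {
        echo "tomcat reload: request failed" >&2; return 1; }
    if reload_succeeded "$body"; then
        echo "tomcat reload: $body"
    else
        echo "tomcat reload: unexpected reply: $body" >&2; return 1
    fi
}

# certbot sets RENEWED_LINEAGE when it runs a deploy hook; do nothing otherwise.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    main
fi
```

The existing daily `certbot renew` cron job stays as it is; the hook fires only on the runs where a certificate was replaced.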