Enabling HTTPS On Tomcat Using Let’s Encrypt

I’ve previously written on enabling HTTPS on your website using Let’s Encrypt. I showed that, with Let’s Encrypt, it’s quite easy to secure your Apache web server and, as a bonus, also showed how to secure your Dovecot mail server. But what if you are using Apache Tomcat? That’s quite easy, too!

Let us say your Tomcat installation directory is /usr/local/tomcat.

Copy the files generated by Let’s Encrypt in /etc/letsencrypt/live/server.example.com to /usr/local/tomcat/conf:

# cd /etc/letsencrypt/live/server.example.com
# cp cert.pem chain.pem privkey.pem /usr/local/tomcat/conf

Set the owner to tomcat:

# cd /usr/local/tomcat/conf
# chown tomcat:tomcat *.pem

Edit server.xml and add/update the HTTPS connector element with this:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateFile="conf/cert.pem" certificateKeyFile="conf/privkey.pem" certificateChainFile="conf/chain.pem" />
    </SSLHostConfig>
</Connector>

Finally, restart Tomcat, open your browser, and go to server.example.com. It should now be encrypted and secure.
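
The files in /usr/local/tomcat/conf are copies, so they stay as they are when the certificate is renewed. The following script is an added example, not part of the original post: it repeats the copy and chown steps above as a certbot deploy hook. It assumes certbot is the Let's Encrypt client in use (certbot sets RENEWED_LINEAGE for deploy hooks); the TOMCAT_CONF and TOMCAT_OWNER variables and the deploy_certs function are names chosen for this example.

```shell
#!/bin/sh
# Added example: certbot deploy hook that refreshes Tomcat's copies of the
# certificate files after a renewal. Paths and owner follow this post.

TOMCAT_CONF="${TOMCAT_CONF:-/usr/local/tomcat/conf}"
TOMCAT_OWNER="${TOMCAT_OWNER-tomcat:tomcat}"   # set to empty to skip chown

# deploy_certs SRC_DIR DST_DIR [OWNER]
# Copies cert.pem, chain.pem and privkey.pem from SRC_DIR to DST_DIR.
# Returns non-zero if a file is missing or any step fails.
deploy_certs() {
    src=$1; dst=$2; owner=${3:-}
    # Check all three inputs first so a partial set is never deployed.
    for f in cert.pem chain.pem privkey.pem; do
        [ -r "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    for f in cert.pem chain.pem privkey.pem; do
        tmp="$dst/.$f.new"
        # -L follows the symlinks in live/; umask keeps the temp copy private.
        ( umask 077; cp -L "$src/$f" "$tmp" ) || return 1
        # Only the private key needs to be unreadable to other users.
        case $f in
            privkey.pem) mode=600 ;;
            *)           mode=644 ;;
        esac
        chmod "$mode" "$tmp" || return 1
        if [ -n "$owner" ]; then
            chown "$owner" "$tmp" || return 1
        fi
        # Rename into place so Tomcat never reads a half-written file.
        mv -f "$tmp" "$dst/$f" || return 1
    done
}

# certbot sets RENEWED_LINEAGE to the live/ directory of the renewed
# certificate when it runs a deploy hook; do nothing when run by hand.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_certs "$RENEWED_LINEAGE" "$TOMCAT_CONF" "$TOMCAT_OWNER" || exit 1
    # Restart Tomcat here, the same way as in the final step of this post.
fi
```

Saved as an executable file under /etc/letsencrypt/renewal-hooks/deploy/, it runs after each successful certbot renewal.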