I’ve previously written on enabling HTTPS on your website using Let’s Encrypt. I showed that, with Let’s Encrypt, it’s quite easy to secure your Apache web server and, as a bonus, also showed how to secure your Dovecot mail server. But what if you are using Apache Tomcat? That’s quite easy, too!
Let us say your Tomcat installation directory is /usr/local/tomcat.
Copy the files generated by Let’s Encrypt in /etc/letsencrypt/live/server.example.com to /usr/local/tomcat/conf:
# cd /etc/letsencrypt/live/server.example.com # cp cert.pem chain.pem privkey.pem /opt/tomcat/conf
Set the owner to tomcat:
# cd /usr/local/tomcat/conf # chown tomcat.tomcat *.pem
Edit server.xml and add/update the HTTPS connector element with this:
<Connector port=”8443? protocol=”org.apache.coyote.http11.Http11NioProtocol” maxThreads=”150? SSLEnabled=”true”> <SSLHostConfig> <Certificate certificateFile=”conf/cert.pem” certificateKeyFile=”conf/privkey.pem” certificateChainFile=”conf/chain.pem” /> </SSLHostConfig> </Connector>
Finally, restart Tomcat, open your browser, and go to server.example.com. It should now be encrypted and secure.