Certbot and Tomcat

Let’s say you have a domain host.domain.pl and you want to run Tomcat with an SSL certificate. You can do it the following way:

1. Generate certificate using certbot

Take a look here: CentOS 7 – issues while using certbot

2. Once it’s generated, create a PKCS12 keystore

> sudo openssl pkcs12 -export \
  -inkey /etc/letsencrypt/live/host.domain.pl/privkey.pem    \
  -in    /etc/letsencrypt/live/host.domain.pl/fullchain.pem  \
  -out   /etc/letsencrypt/live/host.domain.pl/keystore.p12   \
  -name tomcat

3. Update the application.properties file

# Location of the keystore file. Note that you can move it somewhere else,
# for example to the directory where your server is.
server.ssl.key-store=file:///etc/letsencrypt/live/host.domain.pl/keystore.p12

# This is the password you typed in while exporting
# the PEM files to PKCS12
server.ssl.key-store-password=your_pass

server.ssl.key-store-type=PKCS12

# This is the alias of the key entry inside the keystore, the one
# you passed as -name while exporting the PEM files to PKCS12
server.ssl.key-alias=tomcat
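
Certbot renews the certificate periodically, so the keystore from step 2 goes stale unless it is rebuilt after each renewal. The deploy hook below is an added example, not part of the original post: `RENEWED_LINEAGE` is set by certbot for deploy hooks, while `KEYSTORE_OUT`, `PASS_FILE` and their default paths under `/opt/app` are assumptions to adapt.

```shell
#!/bin/sh
# Added example: certbot deploy hook that rebuilds the keystore from step 2.
# KEYSTORE_OUT, PASS_FILE and the /opt/app default paths are assumptions.

# build_keystore LINEAGE_DIR OUT_FILE PASS_FILE [ALIAS]
build_keystore() {
    lineage=$1 out=$2 pass_file=$3 key_alias=${4:-tomcat}

    # Fail early on missing inputs instead of leaving a broken keystore behind.
    for f in "$lineage/privkey.pem" "$lineage/fullchain.pem" "$pass_file"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done

    # Build into an owner-only temp file next to the target, then rename,
    # so the server never reads a half-written or world-readable keystore.
    tmp=$(umask 077 && mktemp "$out.XXXXXX") || return 1
    if openssl pkcs12 -export \
         -inkey   "$lineage/privkey.pem" \
         -in      "$lineage/fullchain.pem" \
         -name    "$key_alias" \
         -passout "file:$pass_file" \
         -out     "$tmp"
    then
        chmod 600 "$tmp" && mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/host.domain.pl)
# when it runs a deploy hook; outside of certbot this script does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_keystore "$RENEWED_LINEAGE" \
        "${KEYSTORE_OUT:-/opt/app/keystore.p12}" \
        "${PASS_FILE:-/opt/app/keystore.pass}" tomcat
    # Restart or reload the application here so it loads the new keystore.
fi
```

Place the script, made executable, in /etc/letsencrypt/renewal-hooks/deploy/ or pass it to `certbot renew --deploy-hook`. The first line of the password file must match server.ssl.key-store-password, and the file should be readable only by its owner.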