How To Configure SSL For Apache Tomcat 8 Using Let’sencrypt On Ubuntu 19.045 min read
I have to show how to using let’s Encrypt for apache tomcat 8.0.46 and java 8u144. Let’s encrypt is an open source ssl solution for everyone. So I am configure it on Ubuntu 19.04 server.
★ How To Add Windows Host In Zabbix Server
★ How To Install FreePBX Server On Ubuntu 14.04
If your server local so below port must be forward from your router.
- 80 (LAN) point to 80 (WAN) << Not permanent [ only When install Let’s encrypt ]
- 8443 (LAN) point to 8080 or other what you needed (WAN) << Permanent
- LAN IP : 10.66.50.20
- WAN IP : 45.251.231.171
- JAVA version : 8u144 << Tested
- Tomcat version : 8.0.46 << Tested
Step #01: Server must be update so not update your server so use this command for update Ubunut 19.04.
root@Apache-Tomcat:~# apt-get update && upgrade -y
Step #02: Install let’s encrypt and certbot for Ubuntu 19.04.
root@Apache-Tomcat:~# add-apt-repository ppa:certbot/certbot root@Apache-Tomcat:~# apt-get update root@Apache-Tomcat:~# apt-get install letsencrypt -y root@Apache-Tomcat:~# wget https://dl.eff.org/certbot-auto -P /usr/local/bin root@Apache-Tomcat:~# chmod a+x /usr/local/bin/certbot-auto root@Apache-Tomcat:~# export DOMAIN="tomcat.technologyrss.com" root@Apache-Tomcat:~# export EMAIL_ALERT="[email protected]"
Before install stop tomcat service using below command.
root@Apache-Tomcat:~# /etc/init.d/tomcat stop
Now run main command for install let’s encrypt on my ubuntu server.
root@Apache-Tomcat:~# /usr/local/bin/certbot-auto certonly --standalone -d $DOMAIN --preferred-challenges http --agree-tos -n -m $EMAIL_ALERT --keep-until-expiring root@Apache-Tomcat:~# certbot-auto renew
So now I install p12 file and jks file using java tool and previously created letsencrypt fullchain.pem & privkey.pem
Step #03: Create .p12 file using below command & this file save into /etc/letsencrypt/ location.
root@Apache-Tomcat:~# openssl pkcs12 -export -out /etc/letsencrypt/fullchain.p12 -in /etc/letsencrypt/live/tomcat.technologyrss.com/fullchain.pem -inkey /etc/letsencrypt/live/tomcat.technologyrss.com/privkey.pem -name tomcat
Create two time password for using every time this.
Step #04: Goto my java bin location for create .jks file using fullchain.p12 file.
root@Apache-Tomcat:~# cd /home/app/Java/jdk/8u144/bin/
root@Apache-Tomcat:/home/app/Java/jdk/8u144/bin# ./keytool -importkeystore -deststorepass passw0rd -destkeypass passw0rd -destkeystore /etc/letsencrypt/tomcat.technologyrss.com.jks -srckeystore /etc/letsencrypt/fullchain.p12 -srcstoretype PKCS12 -srcstorepass passw0rd -alias tomcat
Step #05: Open server.xml file from tomcat folder.
root@Apache-Tomcat:~# vi /home/app/Tomcat/8.0.46/conf/server.xml
Inert or edit below all lines into server.xml file.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/etc/letsencrypt/tomcat.technologyrss.com.jks"
keystorePass="passw0rd"
clientAuth="false" sslProtocol="TLS" />
Save this file & stop and start tomcat.
root@Apache-Tomcat:~# /etc/init.d/tomcat start
Then browse your server domain using ssl. If any problem so see my YouTube channel for more details. Please subscribe my channel for more update.
Thanks to all.
- How To Install Zabbix Server 6.4 On AlmaLinux 8 Server - August 9, 2024
- How To Clear RAM Memory Cache Buffer Linux Server - February 29, 2024
- How To Install Apache Cloud Stack Management Server 4.17 On Ubuntu 22.04 - February 1, 2024
We really appreciate for your support for buying me a coffee.
It takes us a while to compose and upload new content, as they have to be checked to see if Properly works. We appreciate you if you help me for one cup of coffee to keep us awake and always deliver good quality content.
No contribution is small of an amount. We are grateful for any amount you support us with. Thank you!
Thank u so much it worked for me!
Welcome!!!