Posted to users@tomcat.apache.org by "James H. H. Lampert" <ja...@touchtonecorp.com> on 2020/08/07 20:58:29 UTC

Final results of my Let's Encrypt project

Ladies and Gentlemen:

The server that had me tearing my hair out has now been entirely 
switched over to Let's Encrypt, and it's working quite well, so far. 
Thanks to everybody on this List, on the Orange County Linux User Group 
List, on Server Fault, and on the Bitnami support board, who assisted.

In particular, thanks to Christopher Schultz. It is always good to be 
able to stand upon the shoulders of a giant.

Some things I learned that may be of use to others:

1. If one is unable to get Certbot to work in a given situation, Lego 
may be a viable alternative. It does, however, require a brief server 
shutdown to run, as it does need to take over the ports while operating.

2. If one is having trouble getting Lego to work when you have ports 
mapped (e.g., 8443 appearing as 443 from the outside via iptables), 
adding "--http.port :80" and/or "--tls.port :8443" to the lego 
invocation may help.

3. If one is having trouble getting Tomcat to use .crt and .key files, 
it is not difficult to turn them into a PKCS12 keystore, which Tomcat 
can then use. (Again, thanks, Mr. Schultz!)

--
James H. H. Lampert
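
The conversion mentioned in item 3, as an added example that is not part of the original post: it checks that the private key belongs to the certificate before bundling both with `openssl pkcs12 -export`, and creates the keystore readable by its owner only. The file names, the alias `tomcat`, the password file and the throwaway self-signed certificate are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. File names, the alias "tomcat"
# and the password file are constructed placeholders.

# Succeed only if the private key belongs to the first certificate in the file.
key_matches_cert() {
  kc_a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  kc_b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$kc_a" ] && [ "$kc_a" = "$kc_b" ]
}

# make_keystore CERT KEY OUT.p12 PASSWORD_FILE
make_keystore() {
  key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 2; }
  # The keystore contains the private key, so create it owner-only.
  # Any additional (chain) certificates in CERT are included as well.
  ( umask 077
    openssl pkcs12 -export -in "$1" -inkey "$2" -name tomcat \
      -out "$3" -passout "file:$4" ) || return 3
  # Read it back: proves the password opens it and a certificate is inside.
  openssl pkcs12 -in "$3" -passin "file:$4" -nokeys 2>/dev/null |
    grep -q 'BEGIN CERTIFICATE' || return 4
}

# Constructed sample material: a throwaway self-signed certificate, its key,
# an unrelated key, and a password file.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null || return 1
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null || return 1
  ( umask 077; printf '%s\n' 'constructed-password' > "$1/pw" )
}

demo() {
  d=$(mktemp -d) || return 1
  make_sample "$d" || { rm -rf "$d"; return 1; }
  good=0; make_keystore "$d/site.crt" "$d/site.key" "$d/site.p12" "$d/pw" || good=$?
  bad=0; make_keystore "$d/site.crt" "$d/other.key" "$d/bad.p12" "$d/pw" 2>/dev/null || bad=$?
  mode=$(ls -l "$d/site.p12" | cut -c1-10)
  rm -rf "$d"
  echo "matching key: $good, wrong key: $bad, keystore mode: $mode"
  [ "$good" -eq 0 ] && [ "$bad" -eq 2 ]
}
demo
```

The resulting `.p12` file and its password are what the Tomcat connector configuration then refers to.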

