Hi Chris, I am also trying to figure this out and get to the same error.
> Am 25.07.2019 um 17:53 schrieb Joseph Dornisch <kingcanut...@gmail.com>: > > Hello, > > I have a CRL configured in my tomcat server configuration. If I update it > and want to have Tomcat refresh it, I can login into > https://127.0.0.1/manager/html and click the "Re-read" button under > "Configuration->Re-read TLS configuration files" and this causes my CRL to > be reread. It works great. > > However,I have read here, " > https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encrypt%20Apache%20Tomcat.pdf" > on page 34 you can do basically the same thing with a command something > like: > https://localhost/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolHandler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22&op=reloadSslHostConfigs > > When I do this, I get back: > > Error - java.lang.NullPointerException > java.lang.NullPointerException > at > org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(JMXProxyServlet.java:264) > at > org.apache.catalina.manager.JMXProxyServlet.invokeOperation(JMXProxyServlet.java:207) > at org.apache.catalina.manager.JMXProxyServlet.doGet(JMXProxyServlet.java:116) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > at > com.arl.servlet.core.filters.AbstractRedirectFilter.doFilter(AbstractRedirectFilter.java:250) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > at > com.arl.servlet.core.filters.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:356) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > at > com.arl.servlet.core.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:128) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > at > org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:610) > at > org.apache.catalina.valves.RequestFilterValve.process(RequestFilterValve.java:348) > at org.apache.catalina.valves.RemoteAddrValve.invoke(RemoteAddrValve.java:52) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) > at > org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) > at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798) > at > org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) > at > org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808) > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498) > at > org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > at java.lang.Thread.run(Thread.java:748) > > Is this command supposed to work in Tomcat 8.5.43? Is there a different > command. Short of this, the only way to force reload without manual > intervention seems to be to login to the manager from code, and then execute > https://127.0.0.1/manager/html/sslReload?org.apache.catalina.filters.CSRF_NONCE= > <nonce_value_from_established_session> > > I've seen that I might also write some code that Tomcat itself would run > periodically to refresh the SSL configuration. Could anyone provide any > ideas here? If I query with the jmxproxy-Servlet I get to Catalina:type=ProtocolHandler,port=8443, but I cannot figure out the necessary address. How can I find it? Once I add an address (127.0.0.1, localhost or DNSs...) , I get exactly "OK - Number of results: 0". That may be the cause of the above java.lang.NullPointerException. If I omit the address it I get a detailed stacktrace, with all sorts of IO exceptions/Illegal argument exceptions that relate to the actual code of AbstractJsseEndpoint/AbstractEndpoint and reloadSslHostConfigs. Could you please help us here? If I only want to reload one specific HostConfig, how do I set the hostname parameter? I looked at your letsencrypt script https://people.apache.org/~schultz/ApacheCon%20NA%202018/lets-encrypt-renew.sh, but that requires the address already as a parameter... Thank you. Peter
