Jerry,

Try this after regenerating the LE certs

curl -u <user> "https://localhost:8443/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=8443&op=reloadSslHostConfigs"

for all domains or

curl -u <user> "https://localhost:8443/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=8443&op=reloadSslHostConfig&ps=<domain to reload>"

for just the needed domain.

Adjust the port to your SSL-Connector.

Add a <user> to tomcat-users.xml

<user username="<user>" password="<passwd>" roles="manager-jmx"/>

Beware not to open the Manager App to the public - just localhost.

HTH

Peter

> On 26.12.2020 at 18:42, Jerry Malcolm <techst...@malcolms.com> wrote:
>
> We have a production environment where we rarely reboot Tomcat. LetsEncrypt
> auto-updates the certificates every couple of months. But the new
> certificates are not loaded into Tomcat. So when the original expiration
> date of the certs arrives, users get "certificate expired" even though new
> certs exist. A simple reboot to load the new certs fixes it. But we want to
> avoid reboots. Are there any config parameters that tell TC to check for
> cert updates and reload the new certs? Thx
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
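
Added example, not part of the message above and not Tomcat's own code: a post-renewal shell hook that issues the jmxproxy reload calls from the reply and checks the answer, so a failed reload is noticed before the old certificate expires. The TOMCAT_* and NETRC_FILE variables, the netrc path, the function names and the assumed reply format (body starting with "OK" on success) are assumptions.

```sh
#!/bin/sh
# Added example: post-renewal hook for the jmxproxy reload calls above.
# Assumed names: TOMCAT_HOST, TOMCAT_PORT, NETRC_FILE and all function names.
TOMCAT_HOST="${TOMCAT_HOST:-localhost}"  # set to a name on the certificate so
TOMCAT_PORT="${TOMCAT_PORT:-8443}"       # curl can verify it; --resolve below
                                         # still pins the connection to 127.0.0.1
# Hypothetical path, mode 0600: machine <host> login <user> password <passwd>
NETRC_FILE="${NETRC_FILE:-/etc/tomcat/jmx-reload.netrc}"

# Print the reload URL. $1 host, $2 port, $3 domain (empty = all host configs).
reload_url() {
    case "$3" in
        *[!A-Za-z0-9._*-]*) return 1 ;;  # refuse characters that could add
    esac                                 # extra query parameters
    base="https://$1:$2/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=$2"
    if [ -n "$3" ]; then
        printf '%s&op=reloadSslHostConfig&ps=%s\n' "$base" "$3"
    else
        printf '%s&op=reloadSslHostConfigs\n' "$base"
    fi
}

# Assumption: the jmxproxy body starts with "OK" on success and "Error"
# otherwise, so the body is checked as well as the HTTP status.
reload_succeeded() {
    case "$1" in
        OK*) return 0 ;;
        *)   return 1 ;;
    esac
}

# $1 = domain to reload, or empty for all domains.
reload_tomcat_certs() {
    url=$(reload_url "$TOMCAT_HOST" "$TOMCAT_PORT" "$1") || return 2
    # --netrc-file keeps the manager-jmx password out of the process list.
    body=$(curl --silent --show-error --fail --max-time 30 \
        --resolve "${TOMCAT_HOST}:${TOMCAT_PORT}:127.0.0.1" \
        --netrc-file "$NETRC_FILE" "$url") || return 2
    reload_succeeded "$body" && return 0
    printf 'Tomcat certificate reload failed: %s\n' "$body" >&2
    return 1
}

# Usage: script all | script <domain>...   (no arguments: define functions only)
case "${1:-}" in
    "")  ;;
    all) reload_tomcat_certs "" ;;
    *)   for d in "$@"; do reload_tomcat_certs "$d" || exit 1; done ;;
esac
```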