Jerry, the quotes were messed up.
See the correct command below inline. > Am 28.12.2020 um 11:10 schrieb logo <l...@kreuser.name>: > > Jerry, > > Try this after regenerating the LE certs > > curl -u <user> > "https://localhost:8443/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=8443&op=reloadSslHostConfigs > > <https://localhost:8443/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=8443&op=reloadSslHostConfigs>" > > for all domains or > > curl -u <user> > "https://localhost:8443/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=8443&op=reloadSslHostConfig&ps=<domain > to reload>" > > for just the needed domain. > > Adjust the port to your SSL-Connector. > > Add a <user> to tomcat-users.xml > <user username="<user>" password="<passwd>" roles="manager-jmx"/> > > Beware not to open the Manager App to the public - just localhost. > > HTH > > Peter > > >> Am 26.12.2020 um 18:42 schrieb Jerry Malcolm <techst...@malcolms.com>: >> >> We have a production environment where we rarely reboot Tomcat. LetsEncrypt >> auto-updates the certificates every couple of months. But the new >> certificates are not loaded into Tomcat. So when the original expiration >> date of the certs arrives, users get "certificate expired" even though new >> certs exist. A simple reboot to load the new certs fixes it. But we want >> to avoid reboots. Are there any config parameters that tell TC to check for >> cert updates and reload the new certs? Thx >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
