wonder if this thread went anywhere? Would be very neat to have a let's
encrypt integration (don't know if it would be a listener to declare to
have automatic reloading or just a flag on the SSL config but it would ease
deploying self hosted instances).
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<https://blog-rmannibucau.rhcloud.com> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory
2017-01-23 23:18 GMT+01:00 Christopher Schultz <ch...@christopherschultz.net
> Mark and Emmanuel,
> On 1/23/17 5:01 AM, Mark Thomas wrote:
> > On 23/01/2017 09:36, Emmanuel Bourg wrote:
> >> Hi all,
> >> With the fast adoption of Let's Encrypt many people are interested in
> >> integrating it with Tomcat. A first step was to ensure that Tomcat can
> >> directly use the PEM certificates generated by the letsencrypt/certbot
> >> client. An important aspect of Let's Encrypt is automation, the
> >> certificates are relatively short lived (90 days) and must be updated
> >> automatically. AFAIK there is no easy way yet to reload a connector in
> >> Tomcat to pick a new certificate. The administrator either has to
> >> restart Tomcat (bad in a production environment) or do some JMX tricks
> >>  (but JMX must be enabled and secured properly).
> >> I'm wondering if it would be possible for Tomcat to monitor the
> >> certificates/keystore files and reload the associated connectors
> >> automatically? If there is a consensus on this feature I'd be interested
> >> in implementing it.
> > For background reading:
> > http://tomcat.markmail.org/thread/fthbtwuozidno6lw
> > http://tomcat.markmail.org/thread/753blzkslmifcvh4
> Yep. I'm also planning on giving a presentation about this exact topic
> at ApacheCon in Miami.