-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Garret,
On 2/7/19 12:22, Garret Wilson wrote: > On 2/7/2019 3:13 PM, Christopher Schultz wrote: >> … Have a look at this presentation: >> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encr ypt >> >> %20Apache%20Tomcat.pdf > > The presentation gets two thumbs up, specifically: > > * Great corny grammar ambiguity joke on the title page. If you come to an upcoming ApacheCon, you can hurl rotten fruit at me in person! > * The inferred conclusion of the presentation is: "If I already > have enough complications in my life and I don't want more, I don't > want to try to use Let's Encrypt directly with Tomcat (and > especially not attempt to teach this to students), even if the > complications can be overcome." :D But it's nice and useful to know > what I'm avoiding by not going down that road. When drafting that presentation, I actually configured a production service running on Tomcat to use LE. It was less painful than I thought, honestly. (Actually, restarting the connector was a PITA, but things have improved in Tomcat since I wrote the original draft.) I would argue that adding Apache httpd into the mix (where is it not already there) is more complicated than using Let's Encrypt with Tomcat. Certainly if Apache httpd is already there, it's *way* easier to just add LE. But part of the reason I presented that material was so that someone who works on one of the various certbot-type things would develop a plug-in that makes configuring Tomcat as easy as configuring httpd. Romain Manni-Bucau from the TomEE project built a Tomcat component that does LE for you. It's an inside-out approach, as opposed to an outside-in approach like I took in my presentation. YMMV. You can find his project here on GitHub: https://github.com/rmannibucau/letsencrypt-manager Good luck, and thanks for using a free and open-source product like Tomcat in your class. If anyone has any trouble with the documentation - -- especially a student -- encourage them to figure out what's going (possibly by posting a message here) and contribute a documentation patc h. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxcxUgACgkQHPApP6U8 pFhr1Q/7Bs7SmH0xEoN7v/GJyErwvom8TD4GwdhoOtfQmZWrl8C84ByqBCfo1vVw EV7nvauRchPI6FXz7RobJPcUGUMGvH7srnjsMGA2U+sF3SAUkebK9XXT6jlkeOi6 t3wTi206BCThOZV5D0w7+ouKL5nBUAtZsqFyyD8i/qvfvNg3tFrDqF4cNcZwZLU7 CBfAc33GBuMwF2dlsQL0TvZEphSlZOYweRRVA0TlZXAGnF0VZypjFFvQhvqT105G kXBrufJg003zBQQJ7NzznYmqz0zvg1wM0CkeEVkFNbYcPiY4QNtXKtU9fNKP6PQx mla/VODbDuO/BzJfSXj6tHdT8RmVu1Iwp8k7CBFCATi3u2VFrdxoOKBIYumyj2gN rBJHxtmJkWOdypFz1sHbI89vuxrxpoJ2NmidZ1GyGlbsPoTky4DQYAVX7+b2Nuxi 92F1IPJtswykh1X6eB5Dx76ZiBExysj/DiJRxdmH2Ib6hgZOJHNnspVsb0m5voHH La3YhokS6YVxLYQRfOC0OorEuwgd3+l8GbI7UpitU9Rb4dZ7fjrQSz9v2Y+KKuk3 /J0q08RQd08GzJfW00YRIjCvRSETyQOqt/Xe6ji7sNFX/6v47ddw5YfvbCLXKOQd MLeQGbG3z6NnfwyP2d66J9f+vEEiGLeaAQDhTMpkTzDZyd+Qb5g= =oi/V -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
