Hi all,

With the fast adoption of Let's Encrypt many people are interested in integrating it with Tomcat. A first step was to ensure that Tomcat can directly use the PEM certificates generated by the letsencrypt/certbot client.

An important aspect of Let's Encrypt is automation; the certificates are relatively short lived (90 days) and must be updated automatically. AFAIK there is no easy way yet to reload a connector in Tomcat to pick a new certificate. The administrator either has to restart Tomcat (bad in a production environment) or do some JMX tricks [1] (but JMX must be enabled and secured properly).

I'm wondering if it would be possible for Tomcat to monitor the certificates/keystore files and reload the associated connectors automatically? If there is a consensus on this feature I'd be interested in implementing it.

Emmanuel Bourg

[1] http://serverfault.com/questions/328533/can-tomcat-reload-its-ssl-certificate-without-being-restarted