On 23/01/2017 09:36, Emmanuel Bourg wrote:
> Hi all,
>
> With the fast adoption of Let's Encrypt many people are interested in
> integrating it with Tomcat. A first step was to ensure that Tomcat can
> directly use the PEM certificates generated by the letsencrypt/certbot
> client. An important aspect of Let's Encrypt is automation, the
> certificates are relatively short lived (90 days) and must be updated
> automatically. AFAIK there is no easy way yet to reload a connector in
> Tomcat to pick a new certificate. The administrator either has to
> restart Tomcat (bad in a production environment) or do some JMX tricks
> [1] (but JMX must be enabled and secured properly).
>
> I'm wondering if it would be possible for Tomcat to monitor the
> certificates/keystore files and reload the associated connectors
> automatically? If there is a consensus on this feature I'd be interested
> in implementing it.

For background reading:

http://tomcat.markmail.org/thread/fthbtwuozidno6lw
http://tomcat.markmail.org/thread/753blzkslmifcvh4

Mark

>
> Emmanuel Bourg
>
> [1]
> http://serverfault.com/questions/328533/can-tomcat-reload-its-ssl-certificate-without-being-restarted
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org