Mark and Emmanuel,

On 1/23/17 5:01 AM, Mark Thomas wrote:
> On 23/01/2017 09:36, Emmanuel Bourg wrote:
>> Hi all,
>>
>> With the fast adoption of Let's Encrypt many people are interested in
>> integrating it with Tomcat. A first step was to ensure that Tomcat can
>> directly use the PEM certificates generated by the letsencrypt/certbot
>> client. An important aspect of Let's Encrypt is automation, the
>> certificates are relatively short lived (90 days) and must be updated
>> automatically. AFAIK there is no easy way yet to reload a connector in
>> Tomcat to pick a new certificate. The administrator either has to
>> restart Tomcat (bad in a production environment) or do some JMX tricks
>> [1] (but JMX must be enabled and secured properly).
>>
>> I'm wondering if it would be possible for Tomcat to monitor the
>> certificates/keystore files and reload the associated connectors
>> automatically? If there is a consensus on this feature I'd be interested
>> in implementing it.
>
> For background reading:
>
> http://tomcat.markmail.org/thread/fthbtwuozidno6lw
>
> http://tomcat.markmail.org/thread/753blzkslmifcvh4

Yep. I'm also planning on giving a presentation about this exact topic
at ApacheCon in Miami.

-chris