Hello guys,

wonder if this thread went anywhere? Would be very neat to have a Let's
Encrypt integration (don't know if it would be a listener to declare to
have automatic reloading or just a flag on the SSL config but it would ease
deploying self-hosted instances).


Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://blog-rmannibucau.rhcloud.com> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory
<https://javaeefactory-rmannibucau.rhcloud.com>

2017-01-23 23:18 GMT+01:00 Christopher Schultz <ch...@christopherschultz.net>:

> Mark and Emmanuel,
>
> On 1/23/17 5:01 AM, Mark Thomas wrote:
> > On 23/01/2017 09:36, Emmanuel Bourg wrote:
> >> Hi all,
> >>
> >> With the fast adoption of Let's Encrypt many people are interested in
> >> integrating it with Tomcat. A first step was to ensure that Tomcat can
> >> directly use the PEM certificates generated by the letsencrypt/certbot
> >> client. An important aspect of Let's Encrypt is automation: the
> >> certificates are relatively short lived (90 days) and must be updated
> >> automatically. AFAIK there is no easy way yet to reload a connector in
> >> Tomcat to pick a new certificate. The administrator either has to
> >> restart Tomcat (bad in a production environment) or do some JMX tricks
> >> [1] (but JMX must be enabled and secured properly).
> >>
> >> I'm wondering if it would be possible for Tomcat to monitor the
> >> certificates/keystore files and reload the associated connectors
> >> automatically? If there is a consensus on this feature I'd be interested
> >> in implementing it.
> >
> > For background reading:
> >
> > http://tomcat.markmail.org/thread/fthbtwuozidno6lw
> >
> > http://tomcat.markmail.org/thread/753blzkslmifcvh4
>
> Yep. I'm also planning on giving a presentation about this exact topic
> at ApacheCon in Miami.
>
> -chris
>
>
