up?
Romain Manni-Bucau @rmannibucau <https://twitter.com/rmannibucau> | Blog <https://rmannibucau.metawerx.net/> | Old Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> 2017-09-05 16:41 GMT+02:00 Romain Manni-Bucau <rmannibu...@gmail.com>: > Hello guys, > > wonder if this thread went anywhere? Would be very neat to have a let's > encrypt integration (don't know if it would be a listener to declare to > have automatic reloading or just a flag on the SSL config but it would ease > deploying self hosted instances). > > > Romain Manni-Bucau > @rmannibucau <https://twitter.com/rmannibucau> | Blog > <https://blog-rmannibucau.rhcloud.com> | Old Blog > <http://rmannibucau.wordpress.com> | Github > <https://github.com/rmannibucau> | LinkedIn > <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory > <https://javaeefactory-rmannibucau.rhcloud.com> > > 2017-01-23 23:18 GMT+01:00 Christopher Schultz < > ch...@christopherschultz.net>: > >> Mark and Emmanuel, >> >> On 1/23/17 5:01 AM, Mark Thomas wrote: >> > On 23/01/2017 09:36, Emmanuel Bourg wrote: >> >> Hi all, >> >> >> >> With the fast adoption of Let's Encrypt many people are interested in >> >> integrating it with Tomcat. A first step was to ensure that Tomcat can >> >> directly use the PEM certificates generated by the letsencrypt/certbot >> >> client. An important aspect of Let's Encrypt is automation, the >> >> certificates are relatively short lived (90 days) and must be updated >> >> automatically. AFAIK there is no easy way yet to reload a connector in >> >> Tomcat to pick a new certificate. The administrator either has to >> >> restart Tomcat (bad in a production environment) or do some JMX tricks >> >> [1] (but JMX must be enabled and secured properly). >> >> >> >> I'm wondering if it would be possible for Tomcat to monitor the >> >> certificates/keystore files and reload the associated connectors >> >> automatically? If there is a consensus on this feature I'd be >> interested >> >> in implementing it. >> > >> > For background reading: >> > >> > http://tomcat.markmail.org/thread/fthbtwuozidno6lw >> > >> > http://tomcat.markmail.org/thread/753blzkslmifcvh4 >> >> Yep. I'm also planning on giving a presentation about this exact topic >> at ApacheCon in Miami. >> >> -chris >> >> >
