James,

On 10/5/20 19:59, James H. H. Lampert wrote:
> I'm coming into this conversation late, so what I say could be
> completely irrelevant, but when I recently set up an independent (i.e.,
> not behind httpd) Tomcat server on one of our AWS EC2 instances, and
> could not get certbot to function at all, to save my life, I ended up
> using something called "LEGO."

Thanks for mentioning LEGO. Any time I've been mentioning certbot, you
can replace that with $your-favorite-acme-client.

> It *does* require one to shut the Tomcat server down during the
> renewal process (because it has to take over the port briefly), but
> it also *does* play nicely with a Tomcat server that's doing its own
> SSL.

You *should* be able to do this without stopping Tomcat, but it might
end up complicating other things. If you have a reverse proxy server,
this is trivial to avoid. If you are binding Tomcat directly to port
80, this is not so easy.

Another option is to use DNS-based authentication where your web
server isn't involved.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
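What the "without stopping Tomcat" route looks like in practice, as an added example that is not from this thread or from the lego project: it assumes Tomcat stays up on port 80 serving static files from webapps/ROOT, and that CATALINA_BASE, DOMAIN, EMAIL and LEGO_PATH are placeholder values you would replace.

```sh
#!/bin/sh
# Issue or renew a Let's Encrypt certificate for a Tomcat host with lego
# while Tomcat keeps running. Instead of letting lego bind port 80 itself,
# --http.webroot makes it write the HTTP-01 token under the webroot that
# Tomcat already serves, so nothing has to be stopped for the challenge.
# CATALINA_BASE, DOMAIN, EMAIL and LEGO_PATH are placeholders (assumptions).
set -eu

CATALINA_BASE="${CATALINA_BASE:-/opt/tomcat}"
DOMAIN="${DOMAIN:-www.example.com}"
EMAIL="${EMAIL:-admin@example.com}"
LEGO_PATH="${LEGO_PATH:-/etc/lego}"   # lego's account and certificate store

# Directory the ACME server fetches http://DOMAIN/.well-known/acme-challenge/<token>
# from; Tomcat's default servlet serves it as plain static content from ROOT.
challenge_dir() {
    printf '%s/webapps/ROOT/.well-known/acme-challenge\n' "$1"
}

# First issuance needs 'run'; afterwards lego keeps certificates/<domain>.crt
# in its store and 'renew' (which also refuses to renew too early) is enough.
lego_action() {
    if [ -f "$1/certificates/$2.crt" ]; then echo renew; else echo run; fi
}

issue_or_renew() {
    mkdir -p "$(challenge_dir "$CATALINA_BASE")"
    # On EC2 with Route 53 hosted zones, "--dns route53" in place of
    # "--http --http.webroot ..." is the DNS-based variant Chris mentions.
    lego --accept-tos --email "$EMAIL" --domains "$DOMAIN" --path "$LEGO_PATH" \
        --http --http.webroot "$CATALINA_BASE/webapps/ROOT" \
        "$(lego_action "$LEGO_PATH" "$DOMAIN")"
    # Tomcat 8.5+ can load the PEM output directly in server.xml:
    #   <SSLHostConfig><Certificate certificateFile="$LEGO_PATH/certificates/$DOMAIN.crt"
    #       certificateKeyFile="$LEGO_PATH/certificates/$DOMAIN.key"/></SSLHostConfig>
    # The renewed certificate is used only after Tomcat reloads its SSL config.
}

# Only act when explicitly asked, so the functions can be sourced or tested safely.
if [ "${1:-}" = "--go" ]; then issue_or_renew; fi
```

Run it as `sh renew-tomcat-cert.sh --go` from cron; the challenge token is fetched over plain HTTP, so port 80 must reach Tomcat's ROOT webapp from the internet.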