How to Install Let’s Encrypt SSL with Tomcat?

Even though Apache Tomcat is quite secure it is always advisable that we can add more and more configurations to secure access. That’s why, in this post, we will take you through how to install Let’s Encrypt SSL with Tomcat.

This is a practice we always have to follow if our Tomcat server is available from the Internet. This is done to protect all data that is transmitted from the client to the server via the web.

Brief introduction to Let’s Encrypt

Let’s Encrypt is a free and open certificate authority, known by the acronym CA, powered by the Linux Foundation, which allows us to generate free and automatic SSL certificates for our websites.

One of their main missions is to make the Internet a safe place and they feel that by doing what they do, they can help with the task. The reality is that they allow you to create certificates for free and many small projects appreciate it.

The installation on the server is very easy and this makes it affordable for many people. In addition to this, it is perfectly functional with modern web browsers which guarantee that there will be no problems accessing your site.

So securing Apache tomcat with Let’s Encrypt is an issue that can save a lot of trouble.

First Step: Install Tomcat on Ubuntu 20.04

The first step we have to take is obvious because we have to install and configure Apache Tomcat correctly on our computer.

For that, you will have to read our post about it.

How to install Apache Tomcat on Ubuntu 20.04?

Once Apache Tomcat is installed and working properly we can continue.

Install Let’s Encrypt with Tomcat

Certbot is a tool that allows us to automatically generate and download Let’s Encrypt certificates in a very easy way. So the first step is to install it.

sudo apt update
sudo apt install certbot

Then, generate the certificates using the following command

sudo certbot certonly --standalone -d [domain]

You have to specify your domain in the command for it to work. During the process, you will be asked for your email address as well as to accept the license terms. In a few seconds, you will have the certificates on your computer.

If you want to see them, you can run

sudo ls /etc/letsencrypt/live/[your-domain]

Now you need to copy them to a folder inside Tomcat. This can be the conf folder

sudo cp /etc/letsencrypt/live/[your-domain]/cert.pem /opt/tomcat/conf
sudo cp /etc/letsencrypt/live/[your-domain]/chain.pem /opt/tomcat/conf
sudo cp /etc/letsencrypt/live/[your-domain]/privkey.pem /opt/tomcat/conf

Remember to replace [your-domain] with your domain so that the command will work.

Assign the corresponding permissions so that Tomcat can access them.

sudo chown tomcat:tomcat /op/tomcat/conf*.pem

Now open the Tomcat server.xml file and locate this section.

 <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />

And change it to this

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
            <Certificate certificateFile="conf/cert.pem"
                         certificateChainFile="conf/chain.pem" />

The most noticeable change is the inclusion of the previously generated certificates.

Close the editor and then, you can start Apache Tomcat.

You can now access it from your web browser with the address https//your-server:8080.

So, Apache Tomcat is now more secure thanks to this procedure.

Let’s Encrypt with Tomcat Conclusion

Installing Let’s Encrypt with Tomcat is an easy way to ensure that all data in the transmission is encrypted and therefore more secure. So with these simple steps, it is possible to have even more security on your server.

Please share this post and leave us a comment.

Scroll to Top