Let’s Encrypt Certificate in Java with Apache Tomcat
January 16, 2019
In this post, I will show you how to configure Apache Tomcat to use a Let’s Encrypt certificate. Let’s Encrypt provides certificates for free.
To use a Let’s Encrypt certificate, follow these steps:
1- Purchase a domain from a registrar such as GoDaddy or any other website.
2- Now go to /var/www/ and create a folder with your domain name
cd /var/www/
mkdir vasurajput.co.in
3- Now create a folder named public_html inside your domain folder
cd /var/www/vasurajput.co.in
mkdir public_html
4- Give permissions to the folder
sudo chown -R apache:apache /var/www/vasurajput.co.in/public_html
sudo chmod 755 /var/www
Now create a virtual host for Apache Tomcat so we can map multiple domains to the same IP. To create the virtual host, follow these steps:
5- Create the virtual host in the /etc/httpd/conf/httpd.conf file
sudo vim /etc/httpd/conf/httpd.conf
6- Add the following at the very bottom of the httpd.conf file
<VirtualHost *:80>
    ServerAdmin vashurajput005@gmail.com
    DocumentRoot /var/www/vasurajput.co.in/public_html
    ServerName www.vasurajput.co.in
    ServerAlias vasurajput.co.in
</VirtualHost>
7- Now start the httpd service using the command below. Make sure you have shut down Apache Tomcat first, because Apache Tomcat is also running on port 80.
sudo systemctl start httpd
So far we have created the virtual host. Now we have to create a certificate using Let’s Encrypt. To get the certificate, follow these steps:
1- Install the Let’s Encrypt client (certbot-auto) on your CentOS server
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
2- Now go to your certbot-auto location and get the certificate using the commands below
cd /root/
./certbot-auto --apache certonly
3- You will find your Let’s Encrypt certificate at this location
/etc/letsencrypt/live/vasurajput.co.in
So far you have created a virtual host and obtained a Let’s Encrypt certificate. Now we have to configure Apache Tomcat to use the Let’s Encrypt certificate. If you use multiple domain names with the same IP address, then you have to make some changes in the server.xml file of Apache Tomcat.
Now open /etc/httpd/conf/httpd.conf again and add the code below at the very bottom of the file
vim /etc/httpd/conf/httpd.conf
<VirtualHost *:443>
    ServerAdmin vashurajput005@gmail.com
    DocumentRoot /var/www/vasurajput.co.in/public_html
    ServerName www.vasurajput.co.in
    ServerAlias vasurajput.co.in
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/www.vasurajput.co.in/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.vasurajput.co.in/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/www.vasurajput.co.in/chain.pem
</VirtualHost>
sudo systemctl stop httpd
sudo systemctl start httpd
Now open the server.xml file of Apache Tomcat and add the code below
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true"
           defaultSSLHostConfigName="www.vasurajput.co.in">
    <SSLHostConfig hostName="www.vasurajput.co.in">
        <Certificate certificateFile="/etc/letsencrypt/live/www.vasurajput.co.in/fullchain.pem"
                     certificateKeyFile="/etc/letsencrypt/live/www.vasurajput.co.in/privkey.pem"
                     certificateChainFile="/etc/letsencrypt/live/www.vasurajput.co.in/chain.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
Now stop the httpd service and restart the Apache Tomcat server and you are done. You can now use the Let’s Encrypt certificate.
sudo systemctl stop httpd
cd /usr/local/apache-tomcat-8.5.37/bin
./startup.sh
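A check worth running on server.xml before the Tomcat restart: confirm that every certificate path in the Connector points at a real PEM file under /etc/letsencrypt/live/, that the private key is not readable by group or other, and that defaultSSLHostConfigName matches an SSLHostConfig. The Python script below is an added example, not part of the original post; the function name audit_connector_tls and its fs_root parameter are assumptions of this example.

```python
import os
import stat
import xml.etree.ElementTree as ET

# The Connector from this page, trimmed to the TLS-relevant attributes (sample input).
SAMPLE = """<Connector port="443" SSLEnabled="true"
    defaultSSLHostConfigName="www.vasurajput.co.in">
  <SSLHostConfig hostName="www.vasurajput.co.in">
    <Certificate certificateFile="/etc/letsencrypt/live/www.vasurajput.co.in/fullchain.pem"
        certificateKeyFile="/etc/letsencrypt/live/www.vasurajput.co.in/privkey.pem"
        certificateChainFile="/etc/letsencrypt/live/www.vasurajput.co.in/chain.pem" type="RSA"/>
  </SSLHostConfig>
</Connector>"""
PATH_ATTRS = ("certificateFile", "certificateKeyFile", "certificateChainFile")

def audit_connector_tls(server_xml, fs_root="/"):
    """Return a list of problems in the TLS connectors of a server.xml string.
    fs_root (hypothetical parameter) is prepended to each path so a staging copy can be audited."""
    problems = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        # Tomcat's default for both names is "_default_"; host names compare case-insensitively.
        hosts = [h.get("hostName", "_default_").lower() for h in conn.iter("SSLHostConfig")]
        default = conn.get("defaultSSLHostConfigName", "_default_").lower()
        if default not in hosts:
            problems.append(f"defaultSSLHostConfigName {default!r} matches no SSLHostConfig")
        for cert in conn.iter("Certificate"):
            for attr in PATH_ATTRS:
                configured = cert.get(attr)
                if configured is None:
                    continue
                path = os.path.join(fs_root, configured.lstrip("/"))
                if not os.path.isfile(path):
                    problems.append(f"{attr}: {configured} does not exist")
                    continue
                with open(path, "r", errors="replace") as fh:
                    head = fh.readline()
                wanted = "PRIVATE KEY" if attr == "certificateKeyFile" else "CERTIFICATE"
                if not (head.startswith("-----BEGIN") and wanted in head):
                    problems.append(f"{attr}: {configured} is not a PEM {wanted}")
                # os.stat follows the symlinks certbot keeps under live/
                mode = stat.S_IMODE(os.stat(path).st_mode)
                if attr == "certificateKeyFile" and mode & 0o077:
                    problems.append(f"{attr}: {configured} is accessible to group/other ({oct(mode)})")
    return problems

if __name__ == "__main__":
    for problem in audit_connector_tls(SAMPLE):
        print("PROBLEM:", problem)
```

To audit a real installation, pass the contents of Tomcat's conf/server.xml instead of SAMPLE and run the script as the user that starts Tomcat.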