There are a couple of things that you will want to have handy to make this process sing.
- Logged in to The windows Apache Tomcat server with a view of the desktop
- Access to the Lets Encrypt Key and CSR
- Logged into your DNS Provider
- Passwords required for your tomcat keystore
Put in the email you have setup your tomcat server account, you will also need your account key and domain CSR.
Select DNS Verfication, Accept TOS, Accept SA and hit next.
This will take you to the DNS ACME-Challenge page. You will need to copy and paste the challenge and update the challenge in the TXT field in our Zoneedit account under the _acme-challenge.$yourdomain value.
Once Verified it will allow you to download your new domain and intermediate cert.
Save the downloaded file to the documents folder. Then open it up in sublime text edit and split the certs appart. The top certificate one is the domain cert which we need the other is the intermediate certificate. Save them in the following format. Copy and paste them into
Copy and paste the files into the apache tomcat directory. C:\Program Files\tomcatserver
Run CMD as Administrator and go to cd “C:\Program Files\tomcatserver” this will make things easier.
Type in “$JAVA_VAR”\keytool -import -alias $yourkeystorealias -trustcacerts -file domain-cert-renewal-20180919.crt -keystore $yourkeystorefilename
Then it will prompt you for a password:
Enter the password for the keystore.
Then it will ask you for a new password. You can continue to use the one that you have, so if you change it update the documentation!
You will get a warning about PKCS12 you can ignore it but that is it your done. Your SSL Cert is updated. Restart your apache tomcat server for the certificate updates to take effect.
If you want to verify the certificate there is a java program loaded called Portecle
Once the Program is open you can open the keystore file by going File -> Open Keystore File -> “C:\Program Files\$pathtotomcatdirectory” or by Opening the file from the drop down as shown below.
You will then be prompted for the Keystore Password: $KeystorePassword!
Once that is done you can see the certificates in the keystore as shown below.