Install a free SSL certificate Let's Encrypt for Tomcat Server on Ubuntu
1. What is Let's Encrypt?
An SSL of a website need to be recognized by a reputable organization that it is safe, which is the reason why you have to use money to buy a Certificate from a reputable organization. There are many reputable organizations in the world that offer SSL certificates such as Comodo, GeoTrust, ...
- SSL là gì, chứng chỉ SSL là gì?
Let's Encrypt is a SSL certificate providers free, automatically and operating for the community's benefits. It is managed by Internet Security Research Group (ISRG).
Let's Encrypt provides SSL certificates, type: Domain Validation, ie after installation, there will be a green lock in the address bar of the browser, when users access your website.
Although the SSL certificates of Let's Encryt is free, it only has a valid term of 3 months, so every 3 months, you have to create this certificate. But it is very simple, therefore, it doesn't also cause you much trouble for you.
In this post, I am going to guide you to create a SSL certificate free of Let's Encrypt in the Linux & Tomcat Server environment.
2. Create a SSL Let's Encrypt certificate
No ADS
Ensure that you have installed TomCat successfully on Linux (Ubuntu Server,..).
Deploy your application on Tomcat Server and access it successfully through your domain (eg.: yourdomain.com):
- http://yourdomain.com
Install Certbot
Certbot is a small tool, which helps you to create keys and signs (Signature) of SSL certificate, and automatically register with Let's Encrypt organization and then download the Let’s Encrypt certificate to the Server for you. Everything is simple.
Ensure that Tomcat Server is shutdown. OK. Open the Terminal window and execute the following commands:
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot
After installing Certbot successfully, you can use this tool to create an SSL certificate for your domain:
# Example:
sudo certbot certonly --standalone -d yourdomain.com
# Example:
sudo certbot certonly --standalone -d devlayer.net
Certbot asks you to enter email, which is necessary so that Let's Encrypt organization notifies you of the time of updating the certificate or notices related to confidentiality.
Agree about the terms of Let's Encrypt:
OK, Now, a directory containing SSL certificate information has been created on your server.
- /etc/letsencryt
- /etc/letsencryt/live/{yourdomain.com}
3. Install SSL Let's Encrypt for Tomcat
No ADS
Use commands to grant permissions to files:
cd /etc/letsencrypt/live/yourdomain.com
chown root:root *.pem
Next, use the command to copy the cert.pem, chain.pem, privkey.pem files created by you in the previous step to the {Tomcat}/conf directory
cd /etc/letsencrypt/live/yourdomain.com
cp cert.pem /root/Apps/tomcat9/conf
cp chain.pem /root/Apps/tomcat9/conf
cp privkey.pem /root/Apps/tomcat9/conf
Open the server.xml file and add a code snippet.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateFile="conf/cert.pem"
certificateKeyFile="conf/privkey.pem"
certificateChainFile="conf/chain.pem" />
</SSLHostConfig>
</Connector>
Restart Tomcat Server, and access your application with https:
- https://yourdomain.com
- https://yourdomain.com:8443
No ADS
Java Application Servers Tutorials
- Install Tomcat Server for Eclipse
- Install Tomcat Server
- Install Glassfish Web Server on Windows
- Install Oracle WebLogic Server
- How to create Windows Service for Oracle WebLogic Server?
- Deploy Spring Boot Application on Tomcat Server
- Deploy Spring Boot Application on Oracle WebLogic Server
- Deploy Spring MVC on Oracle WebLogic Server
- Install SSL Certificate for Tomcat Server
- Install a free SSL certificate Let's Encrypt for Tomcat Server on Ubuntu
Show More