Let's encrypt SSL config

Hi,

It drives me nuts now.

I have created sym links to the PEM files. I made the PEM files readable for
the tomcat user. I set the server.xml to use SSL. And the connector fails to
start.

    <Connector port="8443"

               protocol="org.apache.coyote.http11.Http11NioProtocol"

               maxThreads="200"

               scheme="https"

               secure="true"

               SSLEnabled="true"

               clientAuth="false"

               sslProtocol="TLS"

 
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementat
ion"

               defaultSSLHostConfigName="mydomain.com"

    >

        <SSLHostConfig hostName="mydomain.com"
protocols="+TLSv1,+TLSv1.1,+TLSv1.2">

            <Certificate

                certificateKeyFile="conf/privkey.pem"

                certificateFile="conf/cert.pem"

                certificateChainFile="conf/chain.pem"

                type="UNDEFINED"

            />

        </SSLHostConfig>

    </Connector>

 

I did try to change the type to RSA, to no avail. All I see in the log is:

02-Jan-2021 17:40:54.398 INFO [main] org.apache.coyote.AbstractProtocol.init
Initializing ProtocolHandler ["https-openssl-nio-8443"]

02-Jan-2021 17:40:54.466 SEVERE [main]
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
initialize component [Connector[HTTP/1.1-8443]]

        org.apache.catalina.LifecycleException: Protocol handler
initialization failed

                at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1013)

                ... some lines removed

                at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)

        Caused by: java.lang.IllegalArgumentException

                at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJss
eEndpoint.java:99)

                ... some lines are removed

                at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)

                ... 13 more

        Caused by: java.io.IOException

                at
org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:302)

                at
org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.ja
va:98)

                at
org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247
)

                at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJss
eEndpoint.java:97)

                ... 20 more

 

I've checked the SSLUtilBase.java code (tomcat 9.0.33):

            if (certificate.getCertificateFile() == null) {

                throw new IOException(sm.getString("jsse.noCertFile"));

            }

 

I did try to copy the files instead of using sym links. No avail. Removed
the comments from the cert files. No avail. It seems tomcat cannot find the
files I've specified in the server.xml.

What do I miss?

 

Best Regards,

Ivan

Hi Ivan,



Maybe want to try an absolute path like so: ${catalina.base}/conf/ or ${catalina.home}/conf/ ?

Peter