Please see Apache reverse-proxy SSL to multiple server applications for an alternative (my preferred) solution to implementing SSL in a way that can work with any server application.
Setup guide when you need to use cert-bot auto and a tomcat java keystore. Note this assumes are running some flavour of Linux.
Download and install certbot-auto
Download latest version of certbot-auto:
Install (note this is optional and you can run from where you downloaded if you want):
Obtain certbot-auto certificate
Convert certificate to PKCS12
Change to letsencrypt directory for SSL sub/domain you obtained, e.g.
Note: above is an example from the confluence cert path.
Convert cert-bot auto to pkcs12 format:
Note: replace <PASSWORD> with a secure password string.
Import to .keystore (and create keystore):
Note: replace <PASSWORD> with the secure password string you created in the previous step.
This creates the .keystore files in the current directory. You may need to copy this to another (expected) location.
Usually you may need to copy the .keystore file (for referencing) to the user folder of user who runs apache. You can find the user by:
Then can do '>id 501' if see user id 501.