Tags: java, tomcat, configuration, ssl-certificate

How to configure Tomcat SSLHostConfig correctly?


I was following this tutorial to enable SSL in Tomcat: https://medium.com/@raupach/how-to-install-lets-encrypt-with-tomcat-3db8a469e3d2

Although Tomcat is running at the end, I cannot access HTTPS; it says "unable to connect". So I checked the logs and I got:

Caused by: java.io.IOException: SSLHostConfig attribute certificateFile must be defined when using an SSL connector

but my certificateFile is defined, as you can see:

<Connector port="443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="100"
    compression="on"
    scheme="https"
    SSLEnabled="true"
    secure="true"
    SSLVerifyClient="none"
    SSLProtocol="TLSv1.2"
    defaultSSLHostConfigName="test.test">
    <SSLHostConfig hostName="test.test">
        <Certificate certificateFile="conf/cert.pem" certificateKeyFile="conf/privkey.pem" certificateChainFile="conf/chain.pem" />
    </SSLHostConfig>
</Connector>

These files are present in conf/.

tomcat 9 docs: https://tomcat.apache.org/tomcat-9.0-doc/config/http.html section SSLHostConfig and Certificate


Solution

  • You use a mix of new (since Tomcat 8.5) and deprecated attributes (cf. Tomcat documentation). The effect of setting, e.g. SSLProtocol is the creation of a second <SSLHostConfig> with hostname _default_. That is the element that the error message is referring to.

    You should replace the obsolete tags (SSLVerifyClient and SSLProtocol) with their current counterparts (or omit them if you want the default value):

    <Connector port="443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="100"
               compression="on"
               scheme="https"
               SSLEnabled="true"
               secure="true"
               defaultSSLHostConfigName="test.test">
        <SSLHostConfig hostName="test.test"
                       protocols="TLSv1.2">
            <Certificate certificateFile="conf/cert.pem"
                         certificateKeyFile="conf/privkey.pem"
                         certificateChainFile="conf/chain.pem" />
        </SSLHostConfig>
    </Connector>
    

    Remark: The attributes you used were specific to the APR connector. If that choice was intentional, you should change the protocol to org.apache.coyote.http11.Http11AprProtocol.
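The answer's point (a legacy connector-level SSL attribute silently creates a second, certificate-less `_default_` SSLHostConfig) is easy to miss by eye in a large server.xml. The following is an added example, not code from the question, the answer or the Tomcat project: a small Python lint that parses a Connector, reports legacy SSL attributes alongside their SSLHostConfig/Certificate replacements, checks that defaultSSLHostConfigName names an existing SSLHostConfig, and checks that every SSLHostConfig carries a Certificate with certificateFile or certificateKeystoreFile. The attribute mapping table is compiled from the Tomcat 9 HTTP connector documentation linked above and is an assumption of this example; the two embedded configs are the question's and the answer's, reproduced here as constructed inputs.

```python
"""Lint a Tomcat server.xml <Connector> for mixed legacy/SSLHostConfig SSL attributes."""
from __future__ import annotations

import xml.etree.ElementTree as ET

# Connector-level SSL attributes that Tomcat 8.5+/9 treats as legacy. Setting any of
# them makes Tomcat build an implicit <SSLHostConfig hostName="_default_"> with no
# <Certificate>, which is what produces "certificateFile must be defined".
# Mapping compiled from the Tomcat 9 docs; it is an assumption of this example.
LEGACY_SSL_ATTRS = {
    "SSLProtocol": "protocols (on <SSLHostConfig>)",
    "SSLVerifyClient": "certificateVerification (on <SSLHostConfig>)",
    "SSLCipherSuite": "ciphers (on <SSLHostConfig>)",
    "SSLCertificateFile": "certificateFile (on <Certificate>)",
    "SSLCertificateKeyFile": "certificateKeyFile (on <Certificate>)",
    "SSLCertificateChainFile": "certificateChainFile (on <Certificate>)",
    "sslProtocol": "sslProtocol (on <SSLHostConfig>)",
    "sslEnabledProtocols": "protocols (on <SSLHostConfig>)",
    "clientAuth": "certificateVerification (on <SSLHostConfig>)",
    "ciphers": "ciphers (on <SSLHostConfig>)",
    "keystoreFile": "certificateKeystoreFile (on <Certificate>)",
    "keystorePass": "certificateKeystorePassword (on <Certificate>)",
    "keyAlias": "certificateKeyAlias (on <Certificate>)",
}


def lint_connectors(xml_text: str) -> list[str]:
    """Return a list of human-readable findings; an empty list means no problem found."""
    root = ET.fromstring(xml_text)
    findings: list[str] = []
    # iter() yields the root itself too, so this works for a bare <Connector>
    # as well as a full <Server>...<Service> document.
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        for attr, replacement in LEGACY_SSL_ATTRS.items():
            if attr in conn.attrib:
                findings.append(
                    f"port {port}: legacy attribute {attr} on <Connector>; "
                    f"move it to {replacement}"
                )
        hosts = conn.findall("SSLHostConfig")
        # Tomcat defaults: hostName and defaultSSLHostConfigName are both "_default_".
        names = {h.get("hostName", "_default_") for h in hosts}
        default_name = conn.get("defaultSSLHostConfigName", "_default_")
        if default_name not in names:
            findings.append(
                f"port {port}: defaultSSLHostConfigName={default_name!r} "
                f"matches no <SSLHostConfig>"
            )
        for host in hosts:
            name = host.get("hostName", "_default_")
            certs = host.findall("Certificate")
            if not any(c.get("certificateFile") or c.get("certificateKeystoreFile")
                       for c in certs):
                findings.append(
                    f"port {port}: <SSLHostConfig hostName={name!r}> has no "
                    f"<Certificate> with certificateFile or certificateKeystoreFile"
                )
    return findings


# Constructed input: the configuration from the question (fails at startup).
BROKEN = """
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="100" compression="on" scheme="https" SSLEnabled="true"
    secure="true" SSLVerifyClient="none" SSLProtocol="TLSv1.2"
    defaultSSLHostConfigName="test.test">
    <SSLHostConfig hostName="test.test">
        <Certificate certificateFile="conf/cert.pem"
                     certificateKeyFile="conf/privkey.pem"
                     certificateChainFile="conf/chain.pem" />
    </SSLHostConfig>
</Connector>
"""

# Constructed input: the corrected configuration from the answer.
FIXED = """
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="100" compression="on" scheme="https" SSLEnabled="true"
    secure="true" defaultSSLHostConfigName="test.test">
    <SSLHostConfig hostName="test.test" protocols="TLSv1.2">
        <Certificate certificateFile="conf/cert.pem"
                     certificateKeyFile="conf/privkey.pem"
                     certificateChainFile="conf/chain.pem" />
    </SSLHostConfig>
</Connector>
"""

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(f"[{label}]")
        for line in lint_connectors(cfg) or ["no findings"]:
            print("  " + line)
```

Run against a real file with `lint_connectors(open("conf/server.xml").read())`; the lint only parses the XML and never touches the certificate files, so it is safe to run on a production server.xml as a pre-deploy check.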