# Tomcat: Install Let's Encrypt SSL-Windows {% hint style="warning" %} **Note:** Be Sure that you Internal port is map with external port are same like 80:80 & 443:443 {% endhint %} ## Step 1: Install CertBot Latest Version from ## Step 2: Install OpenSSL From ## Step 3: Step Add Enviroment variable of openssl

## Step4: Stop Tomcat ## Step5: Run Command ``` certbot certonly — standalone -d your.domain.com ``` ## Step6: Create Folder and copy all certificat from `C:\Certbot\live\your.domain.com` to `C:\Lets` ## Step7: Now Copy *cert.pem chain.pem fullchain.pem in all.pem like this*

## Step8: Run Command for pem to p12 file {% columns %} {% column width="0%" %} ``` openssl pkcs12 -export -name hops -in all.pem -inkey privkey.pem -out p12keystore.p12 ``` {% endcolumn %} {% column %} ``` openssl pkcs12 -export -name hops -in all.pem -inkey privkey.pem -out p12keystore.p12 ``` {% endcolumn %} {% endcolumns %} **Give Password : — password** ## Step8:- Run Command p12 To JDK ``` keytool -importkeystore -srckeystore p12keystore.p12 -srcstoretype pkcs12 -deststoretype pkcs12 -alias hops -destkeystore hops.jks ``` **Give Password : — password** ## Step9:- Apply JKS and SSL connector Setting in Tomcat server.xml File Open File of server.xml ``` C:\Program Files\Apache Software Foundation\Tomcat 9.0\conf\server.xml ``` Update below details

<Connector port=”443" protocol=”HTTP/1.1" maxThreads=”150" SSLEnabled=”true” connectionTimeout=”20000" >
    <SSLHostConfig>
        <Certificate certificateKeystoreFile=”C:\Lets\hops.jks”
        certificateKeystorePassword=”password”
        type=”RSA” />
    </SSLHostConfig>
</Connector>

Save & Exit {% hint style="warning" %} \[Note — certificateKeystorePassword=”password” (This password is same as When run Openssl or Keytool Command)] {% endhint %} ## Step 10: Start Tomcat Service for Effect of SSL Renew *** ## REFERENCES *