CentOS 7: configuring Apache Tomcat with SSL (free 3-month Let's Encrypt certificate)

This Tomcat SSL configuration mainly follows the English guide at https://o7planning.org/en/12243/install-a-free-ssl-certificate-lets-encrypt-for-tomcat-server-on-ubuntu

#######################################

1. Install Certbot

sudo yum install certbot

2. Stop the Apache HTTP server (certbot's standalone authenticator has to bind port 80 itself)

sudo service httpd stop

3. Create the certificate

sudo certbot certonly --standalone -d <your-domain>

# Example: sudo certbot certonly --standalone -d yourdomain.com

# Example: sudo certbot certonly --standalone -d devlayer.net

########################################################

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ribosnitchdb.jax.org
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/<your-domain>/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/<your-domain>/privkey.pem
   Your cert will expire on 2019-10-22 (valid for three months, needs to be renewed regularly).
   To obtain a new or tweaked version of this certificate in the future, simply run certbot again.
   To non-interactively renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

 

4. Copy the *.pem files from /etc/letsencrypt/live/<your-domain>/ into Tomcat's conf directory

5. Configure server.xml

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateFile="conf/cert.pem"
                     certificateKeyFile="conf/privkey.pem"
                     certificateChainFile="conf/chain.pem" />
    </SSLHostConfig>
</Connector>

6. Configure web.xml

<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
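
The certificate is only valid for three months, and step 4 copies the PEM files, so the copies that server.xml points at go stale after "certbot renew". The deploy hook below is an added example, not part of the original post: it re-copies the renewed files with a tight mode on the private key and restarts Tomcat. The conf path /opt/tomcat/conf, the account name tomcat and the service name tomcat are assumptions; adjust them to your install.

```sh
#!/bin/sh
# Added example, not from the original post: certbot deploy hook that
# re-copies renewed PEM files into Tomcat's conf directory.
# Assumed placeholders: conf path, account and service name below.
# Register with: certbot renew --deploy-hook /path/to/this-script
TOMCAT_CONF="${TOMCAT_CONF:-/opt/tomcat/conf}"
TOMCAT_USER="${TOMCAT_USER:-tomcat}"
TOMCAT_SERVICE="${TOMCAT_SERVICE:-tomcat}"

# deploy_certs SRC DEST
# Copies cert.pem, chain.pem and privkey.pem (the files server.xml points at)
# from SRC to DEST. Nothing is replaced unless all three are present.
deploy_certs() {
    src=$1
    dest=$2
    for f in cert.pem chain.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done
    [ -d "$dest" ] || { echo "no such directory: $dest" >&2; return 1; }
    for f in cert.pem chain.pem privkey.pem; do
        tmp="$dest/.$f.new"
        # Create the temp file with tight permissions before any key bytes land.
        ( umask 077 && cp -L "$src/$f" "$tmp" ) || return 1
        # Private key: owner read/write only. Certificates are public data.
        case $f in
            privkey.pem) chmod 600 "$tmp" ;;
            *)           chmod 644 "$tmp" ;;
        esac
        # Hand ownership to the Tomcat account only if we are root and it exists.
        if [ "$(id -u)" -eq 0 ] && id "$TOMCAT_USER" >/dev/null 2>&1; then
            chown "$TOMCAT_USER" "$tmp" || return 1
        fi
        # Rename within one directory, so Tomcat never reads a partial file.
        mv -f "$tmp" "$dest/$f" || return 1
    done
}

# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<your-domain>) when
# it runs a deploy hook; without it the script only defines the function.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_certs "$RENEWED_LINEAGE" "$TOMCAT_CONF" && systemctl restart "$TOMCAT_SERVICE"
fi
```

Because the standalone authenticator needs port 80, renewal also needs Apache stopped while certbot runs, which certbot's --pre-hook and --post-hook options can handle.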

 


Origin www.cnblogs.com/yancychy/p/11241839.html