I had my Tomcat 8 running fine on port 8080, but now I'm trying to enable https on 8443 and, even though the logs look fine, it doesn't work (not even on 8080 without https right now).
My system is Ubuntu 17.10 and I'm using Tomcat 8.5.21.
What I did:
Got a Let's Encrypt certificate (it's working fine in my Apache) and created a JKS keystore.
Updated my server.xml connectors with:

    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
               scheme="https" secure="true" clientAuth="false" sslProtocol="TLSv1.2"
               keyAlias="tomcat" keystoreType="JKS"
               keystoreFile="/etc/letsencrypt/live/sydomain/MyDSKeyStore.jks"
               keystorePass="mypassword" />
Installed APR and made sure that

    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

was present in my server.xml (the warning about APR in the logs disappeared).
Fixed an error saying "Cannot recover key" by making my keystore and key passwords the same.
Restarted the tomcat8 service (also tried rebooting the server).
My catalina.out for a startup shows:
22-Jan-2018 10:32:53.795 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version: Apache Tomcat/8.5.21 (Ubuntu)
22-Jan-2018 10:32:53.801 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Oct 13 2017 11:06:51 UTC
22-Jan-2018 10:32:53.802 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number: 8.5.21.0
22-Jan-2018 10:32:53.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux
22-Jan-2018 10:32:53.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 4.13.0-25-generic
22-Jan-2018 10:32:53.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64
22-Jan-2018 10:32:53.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /usr/lib/jvm/java-8-openjdk-amd64/jre
22-Jan-2018 10:32:53.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_151-8u151-b12-0ubuntu0.17.10.2-b12
22-Jan-2018 10:32:53.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation
22-Jan-2018 10:32:53.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /var/lib/tomcat8
22-Jan-2018 10:32:53.808 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /usr/share/tomcat8
22-Jan-2018 10:32:53.810 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/var/lib/tomcat8/conf/logging.properties
22-Jan-2018 10:32:53.810 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
22-Jan-2018 10:32:53.810 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.awt.headless=true
22-Jan-2018 10:32:53.811 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+UseConcMarkSweepGC
22-Jan-2018 10:32:53.812 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
22-Jan-2018 10:32:53.812 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
22-Jan-2018 10:32:53.812 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/var/lib/tomcat8
22-Jan-2018 10:32:53.812 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/share/tomcat8
22-Jan-2018 10:32:53.813 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/tmp/tomcat8-tomcat8-tmp
22-Jan-2018 10:32:53.814 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.14] using APR version [1.6.2].
22-Jan-2018 10:32:53.814 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
22-Jan-2018 10:32:53.815 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
22-Jan-2018 10:32:53.824 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.0.2g 1 Mar 2016]
22-Jan-2018 10:32:54.087 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
22-Jan-2018 10:32:54.133 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
22-Jan-2018 10:32:54.148 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"]
I've also tried enabling SSL debug info with -Djavax.net.debug=ssl in JAVA_OPTS, and it shows a lot of information but nothing that looks like an error or warning.
Apparently my server is running. If I do netstat -plntu I see:
tcp6 0 0 :::8080 :::* LISTEN 2843/java
tcp6 0 0 :::8443 :::* LISTEN 2843/java
But it doesn't respond neither in
Firewall ports are open (8080 was working previously and I've just opened 8443 the same way).
Any clue what else I could check? I've been searching for hours and trying everything I found without success...
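A diagnostic that separates the two failure classes in a question like this, added here as an example and not part of the original post or of Tomcat itself: it parses the connector configuration from server.xml (the embedded XML is a constructed copy of the one above with a placeholder path), flags the usual reasons an SSL-enabled connector binds its port but never answers, and then probes a port with a real TLS handshake so that a TCP-level failure (firewall, binding, wrong address family) can be told apart from a TLS-level one (keystore, protocol, cipher). `lint_connectors` and `probe_tls` are hypothetical helper names chosen for this example.

```python
"""Added example (not from the original post): lint a Tomcat server.xml for
TLS-connector problems, then probe a port with a TLS handshake."""
import os
import socket
import ssl
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

# Constructed sample modelled on the question's connectors; EXAMPLE-DOMAIN is a placeholder.
SAMPLE_SERVER_XML = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLSv1.2" keyAlias="tomcat" keystoreType="JKS"
               keystoreFile="/etc/letsencrypt/live/EXAMPLE-DOMAIN/MyDSKeyStore.jks"
               keystorePass="mypassword" />
  </Service>
</Server>"""


def _is_ssl(conn: ET.Element) -> bool:
    return conn.get("SSLEnabled", "false").lower() == "true"


def lint_connectors(server_xml: str) -> Dict[int, List[str]]:
    """Return {port: [findings]} for every <Connector>; an empty list means no finding."""
    root = ET.fromstring(server_xml)
    connectors = list(root.iter("Connector"))
    ssl_ports = {int(c.get("port", "0")) for c in connectors if _is_ssl(c)}
    findings: Dict[int, List[str]] = {}
    for conn in connectors:
        port = int(conn.get("port", "0"))
        notes: List[str] = []
        if _is_ssl(conn):
            ks = conn.get("keystoreFile")
            if not ks:
                notes.append("SSLEnabled connector has no keystoreFile")
            elif not os.path.isfile(ks):
                # Tomcat only reads the keystore when the connector starts, so a path typo
                # or a file the tomcat user cannot see surfaces as a silent dead listener.
                notes.append(f"keystoreFile not found: {ks}")
            elif not os.access(ks, os.R_OK):
                notes.append(f"keystoreFile not readable by this user: {ks}")
            if conn.get("keystorePass"):
                notes.append("keystorePass is stored in clear text in server.xml; "
                             "restrict the file to the tomcat user (e.g. mode 640)")
            if conn.get("scheme") != "https" or conn.get("secure") != "true":
                notes.append('TLS connector should set scheme="https" secure="true"')
        else:
            rp = conn.get("redirectPort")
            if rp and int(rp) not in ssl_ports:
                notes.append(f"redirectPort {rp} does not match any SSLEnabled connector")
        findings[port] = notes
    return findings


def probe_tls(host: str, port: int, server_name: Optional[str] = None,
              verify: bool = True, timeout: float = 5.0) -> dict:
    """Plain TCP connect first, then a TLS handshake; report which stage failed."""
    result = {"tcp_connected": False, "tls_ok": False, "protocol": None,
              "cipher": None, "error": None}
    ctx = ssl.create_default_context()
    if not verify:
        # Diagnostic only: lets an untrusted chain still prove the listener speaks TLS.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            result["tcp_connected"] = True
            with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
                result["tls_ok"] = True
                result["protocol"] = tls.version()
                result["cipher"] = tls.cipher()[0]
    except (OSError, ssl.SSLError) as exc:
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    for port, notes in lint_connectors(SAMPLE_SERVER_XML).items():
        print(port, notes or "ok")
    # Replace with your own host and certificate name before running the probe.
    print(probe_tls("127.0.0.1", 8443, server_name="EXAMPLE-DOMAIN", verify=False))
```

Run it on the Tomcat host as the tomcat user so the readability check reflects the account that actually opens the keystore. If `probe_tls` reports `tcp_connected` false, the problem is before TLS (address, firewall, or, as in the netstat output above, a socket bound on IPv6 only); if TCP connects but the handshake fails, the error text names the TLS-side cause, which is what to compare against the `-Djavax.net.debug=ssl` output.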