Cannot get SSL working on Tomcat8.5

Question

I had my Tomcat8 running fine in port 8080, but now I'm trying to enable https in 8443 and, even though logs look fine it doesn't work (not even in 8080 without https right now).

My sistem is Ubuntu 17.10 and I'm using Tomcat 8.5.21

What I did:

1. Get a Let's Encrypt Certificate (it's working fine in my Apache) and created a JKS Keystore.

2. Updated my server.xml connector with:

   <Connector port="8080" protocol="HTTP/1.1" 
              connectionTimeout="20000"
              redirectPort="8443" />
   
   <Connector port="8443" 
              protocol="org.apache.coyote.http11.Http11NioProtocol"
              SSLEnabled="true" scheme="https" secure="true" 
              clientAuth="false" sslProtocol="TLSv1.2" 
              keyAlias="tomcat"
              keystoreType="JKS" keystoreFile="/etc/letsencrypt/live/sydomain/MyDSKeyStore.jks"
              keystorePass="mypassword" />
   

3. Installed APR and make sure that <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> was present on my server.xml (warning about APR in logs disapeared)

4. Fixed an error saying Cannot recover key by making my Keystore and Key password the same.

5. Restarted the tomcat8 service (also tried rebooting the server).

My catalina.out for a start process shows:

22-Jan-2018 10:32:53.795 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version: Apache Tomcat/8.5.21 (Ubuntu)

22-Jan-2018 10:32:53.801 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Oct 13 2017 11:06:51 UTC

22-Jan-2018 10:32:53.802 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number: 8.5.21.0 22-Jan-2018 10:32:53.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux

22-Jan-2018 10:32:53.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 4.13.0-25-generic

22-Jan-2018 10:32:53.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64

22-Jan-2018 10:32:53.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /usr/lib/jvm/java-8-openjdk-amd64/jre

22-Jan-2018 10:32:53.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_151-8u151-b12-0ubuntu0.17.10.2-b12

22-Jan-2018 10:32:53.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation

22-Jan-2018 10:32:53.807 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /var/lib/tomcat8

22-Jan-2018 10:32:53.808 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /usr/share/tomcat8

22-Jan-2018 10:32:53.810 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/var/lib/tomcat8/conf/logging.properties

22-Jan-2018 10:32:53.810 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager

22-Jan-2018 10:32:53.810 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.awt.headless=true

22-Jan-2018 10:32:53.811 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+UseConcMarkSweepGC

22-Jan-2018 10:32:53.812 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048

22-Jan-2018 10:32:53.812 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources

22-Jan-2018 10:32:53.812 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/var/lib/tomcat8

22-Jan-2018 10:32:53.812 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/share/tomcat8

22-Jan-2018 10:32:53.813 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/tmp/tomcat8-tomcat8-tmp

22-Jan-2018 10:32:53.814 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.14] using APR version [1.6.2].

22-Jan-2018 10:32:53.814 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].

22-Jan-2018 10:32:53.815 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]

22-Jan-2018 10:32:53.824 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.0.2g 1 Mar 2016]

22-Jan-2018 10:32:54.087 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]

22-Jan-2018 10:32:54.133 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read

22-Jan-2018 10:32:54.148 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"]

I've also tried enabling SSL debug info with -Djavax.net.debug=ssl on JAVA_OPTS and it shows a lot of information but nothing that looks like an error or warning.

Apparently my server is running, If I do netstat -plntu I see:

tcp6   0    0 :::8080       :::*        LISTEN      2843/java
tcp6   0    0 :::8443       :::*        LISTEN      2843/java

But it doesn't respond neither in

• http://localhost:8080
• https://localhost:8443
• http://example.com:8080
• https://example.com:8443

Firewall ports are open (8080 was working previously and I've just opened 8443 the same way)

Any clue of what else could I check? I've been searching for hours and trying everything I found without success...