I am trying to set up my web site to use letsencrypt on Windows running Tomcat. I could not find a clear document on how this should be done. There are several web pages where people talked about how they did it, but I don't quite understand why they did it that way. Here is what I have. Please let me know what I did wrong or whether I missed any steps.
The environment: Windows 10, Tomcat 7, JRE 1.7, letsencrypt-simple latest beta
I first ran letsencrypt.exe, chose to generate the certificate manually, and filled in all the questions. When the exe executed, it created a bunch of files and certificates under the folder:
httpsacme-v01.api.letsencrypt.org
In this folder, there is a certificate file which I believe is what I need. The name is www.mydomain.com-chain.pem
Then run the following command:
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -ext san=dns:www.mydomain.com -keyalg RSA -keystore .\my.keystore
Run this command to check the created keystore:
"%JAVA_HOME%\bin\keytool" -list -keystore .\tstm.keystore
It has 1 entry, the private key
Then I ran the following command to import the chain.pem file into the keystore:
"%JAVA_HOME%\bin\keytool" -import -alias root -keystore .\my.keystore -trustcacerts -file "C:\Users\abc\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org"\www.mydomain.com-chain.pem
This appears to be successful and added certs into the keystore file. When checking again, it has two entries.
Then I used the keystore and password in my Tomcat's connector.
However, when connecting from a client, the browsers don't think the certificate is valid and always give warnings that the site is not secure. I can see the certificate I created in the browser, so I assume that I didn't build up the cert chain properly. Any help is appreciated!
Thanks!
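A check on the keystore described in the post, as an added example that is not part of the original post: it parses `keytool -list -v` output and flags a private-key entry whose certificate is self-signed, which is what `-genkey` produces. The sample listing is constructed and trimmed to the fields used, and the function names are hypothetical.

```python
import re

# Constructed sample of `keytool -list -v` output for a keystore built the way
# the post describes: one -genkey entry plus one imported chain file.
SAMPLE = """\
Alias name: root
Entry type: trustedCertEntry

Owner: CN=Example Intermediate CA, O=Example CA
Issuer: CN=Example Root CA, O=Example CA

*******************************************

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.mydomain.com, OU=IT, O=Example
Issuer: CN=www.mydomain.com, OU=IT, O=Example
"""

def parse_entries(listing):
    """Split the listing on 'Alias name:' and collect type and Owner/Issuer pairs."""
    entries = []
    for block in re.split(r"(?m)^Alias name:\s*", listing)[1:]:
        lines = block.splitlines()
        kind = re.search(r"(?m)^Entry type:\s*(\S+)", block)
        owners = re.findall(r"(?m)^Owner:\s*(.+)$", block)
        issuers = re.findall(r"(?m)^Issuer:\s*(.+)$", block)
        entries.append({
            "alias": lines[0].strip(),
            "type": kind.group(1) if kind else "unknown",
            "chain": list(zip(owners, issuers)),
        })
    return entries

def served_cert_problems(entries):
    """The TLS connector serves the chain stored with the private key; flag self-signed leaves."""
    problems = []
    for e in entries:
        if e["type"] != "PrivateKeyEntry" or not e["chain"]:
            continue
        owner, issuer = e["chain"][0]
        if owner.strip() == issuer.strip():
            problems.append((e["alias"], "leaf is self-signed; no CA-issued certificate is attached to this key"))
    return problems

if __name__ == "__main__":
    for alias, why in served_cert_problems(parse_entries(SAMPLE)):
        print(f"{alias}: {why}")
```

A certificate imported under a separate alias shows up as a `trustedCertEntry` and is not part of the chain served for the `tomcat` key.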