The Let’s Encrypt initiative has changed the landscape for online security. The capital cost of cryptographic security for every web site worldwide has been lowered from potentially thousands of dollars per year to zero. One of the trade-offs for the availability of these free certificates is that they are short-lived, making automated deployment of certificates an essential piece of any deployment plan. Let’s Encrypt supports Apache httpd out of the box for single-command renewal and deployment on a single host, while with Tomcat it’s more complicated. We’ll be discussing how Let’s Encrypt handles domain-validated authentication, initial requests, and renewals, and how to automate the deployment process in your Tomcat-based environment with minimal downtime.