There are a number of guides online that explain how to setup LetsEncrypt for Tomcat, all of which I found quite involved. I setup LetsEncrypt with Tomcat a while ago, so please forgive me if I've missed a step or 10 😉
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache
certbot --apache -d yourdomain.co.za
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo nano 000-default-le-ssl.conf
Insert the following just under DocumentRoot /var/www/html:
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://YOUR-IP-OR-DOMAIN-NAME:8080/
ProxyPassReverse / http://YOUR-IP-OR-DOMAIN-NAME:8080/
sudo service apache2 restart
You should now have Tomcat running with a LetsEncrypt SSL certificate. If you get stuck, feel free to comment and I'll be happy to assist.