Here's the flow for getting the certificate (we recommend to run it before setting up Headwind MDM!):
1. Make sure your domain name is resolved to the server where you install Headwind MDM.
2. Run the commands:
# apt install certbot
# certbot certonly --standalone -d your-domain.com
On success, your certificate and private key will be stored in /etc/letsencrypt/live/your-domain.com/.
After that, you can follow this manual to setup the certificate for the Tomcat server.
There are important notices which should be taken into account when using LetsEncrypt and Certbot.
1. LetsEncrypt requires the certificate renewal each 3 months, so it is up to you to setup a script for the certificate renewal or renew it manually.
2. This software uses HTTP port 80 to confirm the domain ownership. Therefore, during the renewal process (not very long though, usually it takes less than a minute), port 80 will be unavailable.
If you have previously redirected port 80 to 8080 to be able to run Headwind MDM at port 80, you will need to remove the iptables rule before running the renewal script and add it back after running that script.