For those like me who don't have time to be an expert on everything here is what I did:
1. Install Certify The Web.
2. Make sure you have a backup copy of your certname.pfx and server.xml (see next).
2. Blindly follow: https://docs.certifytheweb.com/docs/deployment/tasks/tomcat
3. Realize they mean the complete file path: C:Program FilesJSSTomcatcertname.pfx
4. Edit the server.xml *what I did was delete the certificateKeyAlias entry and left the certificateKeystorePassword. Probably could have change it to "" per instructions.
5. Enter the KeystorePassword in: Certify -> Certificate -> Security -> New.
6. Test.
7. Remember I don't forward port 80 traffic but already have a DNS API key. If that's you too: Change Auth Challenge Type to dns-01, select your DNS provider, enter New credentials (your API Auth Key and Secret).
8. Save.
9. Test again.
10. Run.
11. Pray.
12. Launch site.
13. Celebrate!!!
14. Enjoy warm glow of sticking it to the man.
