Can’t get certs auto-renew on apache in front of tomcat (II)

ppazos · December 4, 2023, 11:10pm

Based on Can't get certs auto-renew on apache in front of tomcat

I have tried to execute with webroot and tried a rewrite condition for /.well-known/acme-challenge/ but I'm not able to renew my domain without taking away the jkmount configuration (Apache redirects to Tomcat and I manage my certs at the Apache level).

Is there any concrete example I can follow? I basically know nothing about certs and how certbot works and with older versions I was able to update the certs without changing the sites-available configuration every time.

Thanks.

MikeMcQ · December 4, 2023, 11:25pm

I am a little puzzled ... I see a cert issued very recently (like within the hour). And, your server is currently using it.

Are you looking to improve the method you used to get this cert today?

Because the prior thread suggested using --webroot. If you had that working with an older Certbot that should work the same with newer versions. There really isn't much change for that.

Can you post your current VirtualHost for port 80? Please add 3 backticks before and after so some of the tags are not lost. Like
```
apache config
```

Bruce5051 · December 4, 2023, 11:26pm

This redirects from http to https; which is fine

$ curl -Ii http://behit-dev.atomik.app/.well-known/acme-challenge/sometestfile
HTTP/1.1 301 Moved Permanently
Date: Mon, 04 Dec 2023 23:24:55 GMT
Server: Apache/2.4.55 (Ubuntu)
Location: https://behit-dev.atomik.app/.well-known/acme-challenge/sometestfile
Content-Type: text/html; charset=iso-8859-1

But this redirects to https://behit-dev.atomik.app/auth/login

$ curl -k -Ii https://behit-dev.atomik.app/.well-known/acme-challenge/sometestfile
HTTP/1.1 302 302
Date: Mon, 04 Dec 2023 23:24:57 GMT
Server: Apache/2.4.55 (Ubuntu)
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Set-Cookie: JSESSIONID=4D57EE641BCDD52A0BEF35DBD62B72FD; Path=/; Secure; HttpOnly
Location: https://behit-dev.atomik.app/auth/login

Bruce5051 · December 4, 2023, 11:28pm

Perhaps Let's Debug can show it better here https://letsdebug.net/behit-dev.atomik.app/1724098?debug=y

Bruce5051 · December 4, 2023, 11:30pm

rg305 · December 4, 2023, 11:55pm

I've used a "catch-all" "alias" within the main "http" section in Apache to point all the vhost requests to that same [dedicated] folder.

Example:

alias   /.well-known/acme-challenge/   /var/allACMEchallenges/

system · January 3, 2024, 11:55pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can't get certs auto-renew on apache in front of tomcat Help	6	628	October 15, 2023
Renew failed due to redirect Help	7	3674	February 23, 2018
Apache 2.4 : HTTPS redirection excepted for ./well-known/acme-challenge Help	9	6867	July 9, 2020
Certbot not renewing for domain with redirection Help	8	7152	August 3, 2018
How to authenticate a hostname that has an Apache redirect directive? Help	3	848	November 4, 2018

Can’t get certs auto-renew on apache in front of tomcat (II)

Related topics