Can’t get certs auto-renew on apache in front of tomcat (II)

Based on Can't get certs auto-renew on apache in front of tomcat

I have tried to execute with webroot and tried a rewrite condition for /.well-known/acme-challenge/ but I'm not able to renew my domain without taking away the jkmount configuration (Apache redirects to Tomcat and I manage my certs at the Apache level).

Is there any concrete example I can follow? I basically know nothing about certs and how certbot works and with older versions I was able to update the certs without changing the sites-available configuration every time.



I am a little puzzled ... I see a cert issued very recently (like within the hour). And, your server is currently using it.

Are you looking to improve the method you used to get this cert today?

Because the prior thread suggested using --webroot. If you had that working with an older Certbot that should work the same with newer versions. There really isn't much change for that.

Can you post your current VirtualHost for port 80? Please add 3 backticks before and after so some of the tags are not lost. Like

```
apache config
```


This redirects from http to https; which is fine

```
$ curl -Ii
HTTP/1.1 301 Moved Permanently
Date: Mon, 04 Dec 2023 23:24:55 GMT
Server: Apache/2.4.55 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1
```

But this redirects to

```
$ curl -k -Ii
HTTP/1.1 302 302
Date: Mon, 04 Dec 2023 23:24:57 GMT
Server: Apache/2.4.55 (Ubuntu)
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Set-Cookie: JSESSIONID=4D57EE641BCDD52A0BEF35DBD62B72FD; Path=/; Secure; HttpOnly
```

Perhaps Let's Debug can show it better here


I've used a "catch-all" "alias" within the main "http" section in Apache to point all the vhost requests to that same [dedicated] folder.


```
alias   /.well-known/acme-challenge/   /var/allACMEchallenges/
```
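
An added example, not written by any poster in this thread and not taken from the Certbot or Apache projects: a port-80 VirtualHost that serves the challenge path from disk ahead of both the HTTPS redirect and mod_jk, so the `JkMount` can stay in place during renewal. The hostname `www.example.com`, the worker name `worker1` and the webroot `/var/www/acme` are assumptions.

```apache
# Added example; hostname, worker name and paths are assumptions.
<VirtualHost *:80>
    ServerName www.example.com

    # Certbot's webroot plugin writes tokens to
    #   <webroot>/.well-known/acme-challenge/<token>
    # so the Alias target must be that subdirectory of the webroot, e.g. for
    #   certbot certonly --webroot -w /var/www/acme -d www.example.com
    Alias /.well-known/acme-challenge/ /var/www/acme/.well-known/acme-challenge/
    <Directory "/var/www/acme/.well-known/acme-challenge/">
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # If this vhost has (or inherits) a catch-all mount to Tomcat,
    # exclude the challenge path so mod_jk never sees these requests.
    JkMount   /* worker1
    JkUnMount /.well-known/acme-challenge/* worker1

    # Redirect everything except the challenge path to HTTPS.
    # Without the RewriteCond, the validation request is redirected to the
    # 443 vhost and answered by Tomcat instead of returning the token file.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

After a reload, a test file placed in `/var/www/acme/.well-known/acme-challenge/` should come back over plain HTTP with a 200 and no redirect; `certbot renew --dry-run` then exercises the same path against the staging environment.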
