Challenge failed for domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:certbot --apache

It produced this output:

My web server is (include version):Tomcat 9.0.39

The operating system my web server runs on is (include version):Ubuntu 18.04

My hosting provider, if applicable, is:none

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):1.0.9

1 Like

Welcome to the Let's Encrypt Community, Carles :slightly_smiling_face:

You are using Tomcat, which requires a completely different process. I recommend that you setup an Apache reverse proxy so that Apache is facing outwards and can easily be used to manage your certificates.

1 Like

Thanks griffing for your reply.

Honestly, the choice you give is too difficult for me. I've never worked with proxies..., I dare to edit the config/server.xml, the web or context files, but not much more.

I had never heard about the Apache directives, neither loaded modules. If it is certainly required to learn about all these topics, I would thank you make me know about some course or some way to do it.

I am not a system administrator. I just know about java programming and using databases, but much less about system administration. Just have configured some files for postgresql, ssh, and tomcat. That's all that I know.

Thus, can you help me even in this situation?

Thank you very much for your consideration.


Missatge de Jonathan Griffin via Let's Encrypt Community Support <> del dia dg., 25 d’oct. 2020 a les 17:32:


Then who is?

This is a Tomcat we are talking about here, they don't feed themsleves...

READERS: Get involved. Be heard. Do your part, it starts with: If you read something you like; then like it :heart: !

1 Like

Certainly :slightly_smiling_face: It is understandable that it can be a bit of a learning curve. Having helped with dozens of Tomcat instances, I tried to steer you towards the easiest path based on my experience. The reference I provided should guide you step by step, but it does provide some extra information. It is the official guide recommended by Apache. There are "native" ways to use certificates directly in Tomcat, but those ways involve openssl commands, are very ugly, and are prone to errors.

You might find the following guide a bit easier to swallow. Just skip anything it mentions about installing or upgrading certbot because your already have the latest and greatest version.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.