How to: certs for an open street map tile server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:certbot certonly (selected option 2, then, webroot)

It produced this output:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Type: unauthorized
Detail: Invalid response from 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

My web server is (include version): Apache2 2.4.54

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
Ubuntu 22.04

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No. Command line

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Note, other 'normal' virtual host sites I was able to get certificates easily. (Thank You).

This virtual host is quite different. Here is the site config in apache's sites-available
<VirtualHost *:80>
LogLevel info
Include /etc/apache2/conf-available/renderd.conf

<VirtualHost *:443>
LogLevel info
Include /etc/apache2/conf-available/renderd.conf

Welcome to the community @rogers

Can you show what in the /etc/apache2/conf-available/renderd.conf

Please put 3 backticks before and after the output to ensure proper formatting. Like this:
contents of file

If your first post had more info around your VirtualHosts you can go back and add 3 backticks around those too. Thanks


The info around VirtualHosts was complete.
Here is what you requested (comments were removed)

    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Require all granted

    ModTileTileDir /var/cache/renderd/tiles

    LoadTileConfigFile /etc/renderd.conf

    ModTileEnableStats On

    ModTileBulkMode Off

    ModTileRequestTimeout 3

    ModTileMissingRequestTimeout 10

    ModTileMaxLoadOld 2

    ModTileMaxLoadMissing 5

    ModTileRenderdSocketName /run/renderd/renderd.sock

    ModTileCacheDurationMax 604800

    ModTileCacheDurationDirty 900

    ModTileCacheDurationMinimum 10800
    ModTileCacheDurationMediumZoom 13 86400

    ModTileCacheDurationLowZoom 9 518400

    ModTileCacheLastModifiedFactor 0.20

    ModTileEnableTileThrottling Off

    ModTileEnableTileThrottlingXForward 0

    ModTileThrottlingTiles 10000 1
    ModTileThrottlingRenders 128 0.2


Sorry.. have been working since 3:30 am. The info as depicted for Virtual Hosts was indeed complete however, I suspect the lack of using 3 backslashes prevented the line


from displaying.

1 Like

No problem. I don't see a DocumentRoot in that VirtualHost. So, did the folder you entered when certbot asked for webroot match the default DocumentRoot in apache?

The 404 error means "Not Found" and often it's because of mismatch between the DocumentRoot and the certbot webroot.


Interestingly, the file apache2.conf does not have DocumentRoot defined. That file remains as it was when installed.

So, no, they do not match.

Try adding DocumentRoot to your VirtualHost and use that for the -w folder value

Could use a folder outside your regular hosted files such as:


A custom module named mod_tile is being used (GitHub - openstreetmap/mod_tile: Renders map tiles with mapnik and serves them using apache) which probably explains the lack of a DocumentRoot directive.

You probably want to limit any DocumentRoot setting to the path /.well-known/acme-challenge/. Not sure how that would fair when mod_tile is also being used.


That worked. Thank you.



Just to make this complete:
I was concerned with setting DocumentRoot thinking that might interfere with the renderd engine. So I did set it, but to the location /var/www/tileserver One of the directories that comprise the renderd system.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.