Renew does not work on Apache Tomcat (404)

Following problem:
With the firewall we get invalid port in redirect target. Without the firewall we can connect to /.well-known/acme-challange/test. The certbot-auto certonly command was run without the firewall.

My domain is:

I ran this command: certbot-auto certonly --webroot --webroot-path /usr/share/tomcat/webapps/ROOT -d

It produced this output:
Type: unauthorized
Detail: Invalid response from
[]: “\n\n404 Not

Not Found


My web server is (include version):
Apache Tomcat 7.0.76

The operating system my web server runs on is (include version):
CentOS 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.40.1


Hi @mtheis

checking your domain there is a redirect to port 8443 -


Let's Encrypt doesn't follow redirects to non-standard ports. So that can't work. Remove that redirect, at a minimum if the subdirectory starts with /.well-known/acme-challenge.

But curious: That error isn't visible; there is an HTTP status 404 - Not Found visible.

Next curious thing:

answers with a Tomcat HTTP status 404 - Not Found.

So first question: Is



Create the two required subdirectories


there a file (file name 1234), then try to load that file via

That must work, if your webroot is correct.
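Added example, not written by either poster: a hop-by-hop trace of the challenge URL that reports the two failures discussed in this thread, a redirect to a non-standard port such as 8443 and a plain 404 from the webroot. The function names, the `example.test` host and the canned responses are assumptions made for illustration; the 10-hop limit mirrors Let's Encrypt's documented redirect depth.

```python
import http.client
from urllib.parse import urljoin, urlsplit

STANDARD_PORTS = {"http": 80, "https": 443}  # only ports a validator will follow to

def on_standard_port(url):
    """True if url is http on 80 or https on 443 (explicit or implied)."""
    parts = urlsplit(url)
    default = STANDARD_PORTS.get(parts.scheme)
    return default is not None and (parts.port or default) == default

def live_fetch(url):
    """GET url without following redirects; return (status, Location or None)."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(parts.hostname, parts.port, timeout=10)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_challenge(domain, token="1234", fetch=live_fetch, max_hops=10):
    """Return (verdict, hops) for http://<domain>/.well-known/acme-challenge/<token>."""
    url = f"http://{domain}/.well-known/acme-challenge/{token}"
    hops = []
    for _ in range(max_hops):
        status, location = fetch(url)
        hops.append((url, status))
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)
            if not on_standard_port(url):
                hops.append((url, None))  # target is never requested
                return "redirect to non-standard port", hops
            continue
        return ("ok" if status == 200 else f"http {status}"), hops
    return "too many redirects", hops

if __name__ == "__main__":
    # Constructed responses modelled on the thread: port 80 redirects to 8443.
    start = "http://example.test/.well-known/acme-challenge/1234"
    canned = {start: (302, "https://example.test:8443/.well-known/acme-challenge/1234")}
    verdict, hops = trace_challenge("example.test", fetch=canned.__getitem__)
    print(verdict)
    for hop in hops:
        print(" ", hop)
```

Against a real server, call `trace_challenge("your.domain")` after placing the test file `1234` in `<webroot>/.well-known/acme-challenge/`; a verdict of `ok` means both the redirect and the webroot are right.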

