SSL Certificate in Apache Ubuntu 14.04

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.templeconnect.com

I ran this command: ./certbot-auto --apache -d templeconnect.com -d www.templeconnect.com

It produced this output:

My web server is (include version): Apache-Coyote/1.1

The operating system my web server runs on is (include version): Ubuntu 14.04

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Dont know how to find this

Followed this article https://www.parthpatel.net/install-free-ssl-apache-ubuntu/#Install_Free_SSL_Certificate_in_Apache_Ubuntu_1404

Kindly Help

Hi @sarvankarthik6

checking your output there is a redirect http -> https, Letsencrypt fetches the https version.

But you use --apache, that creates a temporary location definition and uses http.

So your configuration with Apache-Coyote doesn’t work with the --apache authenticator.

Find the webroot of your Tomcat configuration and use that with webroot.

certbot run -a webroot certonly -w TomcatWebroot -d templeconnect.com -d www.templeconnect.com

PS: I don’t know if Certbot can configure a Tomcat, so I’ve added certonly.

Your main configuration looks ok ( https://check-your-website.server-daten.de/?q=templeconnect.com ) :

Domainname Http-Status redirect Sec. G
http://templeconnect.com/
128.199.139.2 302 https://www.templeconnect.com/ 0.537 E
http://www.templeconnect.com/
128.199.139.2 302 https://www.templeconnect.com/ 0.540 A
https://templeconnect.com/
128.199.139.2 302 https://www.templeconnect.com/ 2.580 B
https://www.templeconnect.com/
128.199.139.2 -14 10.030 T
Timeout - The operation has timed out
http://templeconnect.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
128.199.139.2 302 https://www.templeconnect.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.536 E
Visible Content:
http://www.templeconnect.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
128.199.139.2 302 https://www.templeconnect.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.536 A
Visible Content:
https://www.templeconnect.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 404 2.220 A
Not Found
Visible Content: HTTP Status 404 - type Status report message description The requested resource is not available. Apache Tomcat/8.0.33

You have a redirect http -> https + www, the https + www version answers with the correct http status 404 - Not Found.

Hi @JuergenAuer

Thanks alot for your quick reply.

  • Find the webroot of your Tomcat configuration and use that with webroot.

Can you please let me know how to find this… and where to find this?

There’s no completely reliable way to automatically identify a “webroot” with Tomcat. Each application that uses Tomcat tends to come with a custom Tomcat configuration. Often times, there is no “webroot”.

You can create your own webroot configuration by modifying conf/server.xml.

Find the <Host> tag, and add inside it:

<Context path="/.well-known/acme-challenge" docBase="/var/www/letsencrypt/.well-known/acme-challenge" />

Then run:

mkdir -p /var/www/letsencrypt/.well-known/acme-challenge

and restart Tomcat.

Once you’ve done that, you can do e.g.:

certbot certonly --webroot -w /var/www/letsencrypt -d www.templeconnect.com -d templeconnect.com
1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.