Temporary challenge files not available, two domains

My autorenewal for certs isn't working anymore. It seems that the acme-challenge is not available because it errors out with a 404. Tomcat is hosting two websites (api.xxx and reports.xxx) at the same address with the same certificate, but from different directories on the server. If I specify "-w /opt/tomcat/api.agentplus.ca/webapps/ROOT" on the "certbot renew" command line, it complains it can't find the acme-challenge for reports.agentplus.ca. If I specify "-w /opt/tomcat/reports.agentplus.ca/webapps/ROOT" on the command line, then it complains about api.agentplus.ca. This leads me to believe both paths are available and everything is properly set up in Tomcat.

This worked fine for years, but has stopped working recently for some reason. I tried adding allowLinking="true" to Tomcat's server.xml and then creating a symbolic link for the acme-challenge directory, but that didn't seem to fix it.

Is there any way to make certbot create two acme-challenge directories? Or only challenge one of the domains? Thanks in advance for any help.

My domain is: api.agentplus.ca and reports.agentplus.ca

I ran this command:
certbot renew -w /opt/tomcat/api.agentplus.ca/webapps/ROOT/ --cert-name api.agentplus.ca --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/api.agentplus.ca.conf


Simulating renewal of an existing certificate for api.agentplus.ca and reports.agentplus.ca

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: api.agentplus.ca
Type: unauthorized
Detail: 15.222.182.38: Invalid response from https://reports.agentplus.ca/.well-known/acme-challenge/U1-1bVQ0nBNv4q4pJKDjDx2WPCpwdkd8e6W6Qjy9Wcc: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Failed to renew certificate api.agentplus.ca with error: Some challenges have failed.


All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/api.agentplus.ca/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

My web server is (include version):
apache-tomcat-9.0.19

The operating system my web server runs on is (include version):
CentOS Linux release 7.8.2003

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0

Yes. User Guide — Certbot 3.3.0 documentation

  --webroot-path WEBROOT_PATH, -w WEBROOT_PATH
                        public_html / webroot path. This can be specified
                        multiple times to handle different domains; each
                        domain will have the webroot path that preceded it.
                        For instance: `-w /var/www/example -d example.com -d
                        www.example.com -w /var/www/thing -d thing.net -d
                        m.thing.net` (default: Ask)
  --webroot-map WEBROOT_MAP
                        JSON dictionary mapping domains to webroot paths; this
                        implies -d for each entry. You may need to escape this
                        from your shell. E.g.: --webroot-map
                        '{"eg1.is,m.eg1.is":"/www/eg1/", "eg2.is":"/www/eg2"}'
                        This option is merged with, but takes precedence over,
                        -w / -d entries. At present, if you put webroot-map in
                        a config file, it needs to be on a single line, like:
                        webroot-map = {"example.com":"/var/www"}. (default:
                        {})

You can also use two certificates if it's more convenient.

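As an added example (not from the thread, and not Certbot's own code): a small shell pre-flight that checks, for each domain, that its own webroot can receive a challenge file and, optionally, that the file is reachable at that hostname the way the CA fetches it, then emits the matching -w/-d arguments and the single-line webroot-map entry the quoted docs describe. The "domain=path" argument form, the CHECK_HTTP switch and the function names are this script's own conventions; the hostnames and paths in the commented invocation are the ones from the question.

```shell
# Added example, not from the thread: pre-flight check for a webroot renewal
# whose domains are served from different Tomcat webapps directories.
# Each argument is "domain=webroot" (a convention of this script only).
set -u

# For every domain: make sure the challenge directory under its webroot exists
# and is writable, drop a constructed token file there and, when CHECK_HTTP=1,
# fetch it through the public hostname the way the CA does. Prints the matching
# "-w PATH -d DOMAIN" arguments when every domain passes, otherwise returns 1.
preflight_webroots() {
    local pair domain root dir token body args="" rc=0
    for pair in "$@"; do
        domain=${pair%%=*}
        root=${pair#*=}
        dir="$root/.well-known/acme-challenge"
        if ! mkdir -p "$dir" 2>/dev/null || [ ! -w "$dir" ]; then
            echo "FAIL $domain: $dir missing or not writable" >&2
            rc=1; continue
        fi
        token="preflight-$(date +%s)-$$"
        printf 'ok\n' > "$dir/$token"
        if [ "${CHECK_HTTP:-0}" = 1 ]; then
            body=$(curl -fsS "http://$domain/.well-known/acme-challenge/$token" 2>/dev/null)
            if [ "$body" != "ok" ]; then
                echo "FAIL $domain: token not served from $root over HTTP" >&2
                rm -f "$dir/$token"; rc=1; continue
            fi
        fi
        rm -f "$dir/$token"
        args="$args -w $root -d $domain"
    done
    [ "$rc" -eq 0 ] && printf '%s\n' "${args# }"
    return "$rc"
}

# The same mapping in the single-line "webroot-map = {...}" form the quoted
# Certbot docs accept in a renewal .conf file, so "certbot renew" keeps working.
webroot_map_line() {
    local pair json=""
    for pair in "$@"; do
        json="$json${json:+, }\"${pair%%=*}\":\"${pair#*=}\""
    done
    printf 'webroot-map = {%s}\n' "$json"
}

# Example with the thread's hostnames and paths (certonly, as "certbot renew" takes no -d):
#   CHECK_HTTP=1; ARGS=$(preflight_webroots \
#       api.agentplus.ca=/opt/tomcat/api.agentplus.ca/webapps/ROOT \
#       reports.agentplus.ca=/opt/tomcat/reports.agentplus.ca/webapps/ROOT) \
#     && certbot certonly --webroot --cert-name api.agentplus.ca --dry-run $ARGS
```

Paste the printed webroot-map line into /etc/letsencrypt/renewal/<cert-name>.conf under [renewalparams] to make the two-webroot layout permanent for unattended renewals.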