Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: safetoclick.net
I ran this command: sudo certbot certonly --webroot -w /opt/tomcat/webapps/safetoclick --dry-run
It produced this output:
Failed authorization procedure. www.safetoclick.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.safetoclick.net/.well-known/acme-challenge/LOzpmJgLHlkqQUDV_50U0bp1ICRzi1_zVbmaTXKyuu0 [173.220.113.229]: "<!doctype html><html lang=\"en\"><head><title>HTTP Status 404 \u2013 Not Found</title><style type=\"text/css\">h1 {font-family:Tahoma,A", safetoclick.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://safetoclick.net/.well-known/acme-challenge/6pqFazWIRWE4FiCL342tbjP_DewykEdQhytYVbmP0Sg [173.220.113.229]: "<!doctype html><html lang=\"en\"><head><title>HTTP Status 404 \u2013 Not Found</title><style type=\"text/css\">h1 {font-family:Tahoma,A"
My web server is (include version):
Tomcat 8
The operating system my web server runs on is (include version):
Ubuntu 18.04
My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31.0
Hello forum,
I have a tomcat webapp running at /opt/tomcat/webapps/safetoclick. I have an active hello world page at safetoclick.net/safetoclick. I have the ability to write to the webapp directory. This is a different webapp on the same server that I referenced in this thread, but I am not receiving the same results that I did when using the above command: Failing acme challenge when installing certificate for Tomcat.
Any help is greatly appreciated. Thank you for reading!
Are you sure that’s the correct path? Is it set up to serve static files? What’s in your error and access logs?
If the root path is /opt/tomcat/webapps/safetoclick/, but the URL is http://safetoclick.net/safetoclick/, does that mean that the root path is actually /opt/tomcat/webapps/? Or are your files really in /opt/tomcat/webapps/safetoclick/safetoclick/?
Hi @mnordhoff,
Thank you for your reply. The webapp is definitely in the /opt/tomcat/webapps/safetoclick/ directory.
Below are recent logs from catalina.out. I have one severe warning regarding what appears to be a conflict on port 8005. I don’t think that’s likely what’s keeping this command from succeeding. I also am only seeing one running process at 8005. netstat -lpn | grep 8005 returns this: tcp6 0 0 127.0.0.1:8005 :::* LISTEN 29624/java
Catalina.out logs:
07-Jan-2020 19:08:27.272 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat/webapps/safetoclick]
07-Jan-2020 19:08:29.144 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat/webapps/ok] has finished in [248] ms
07-Jan-2020 19:08:29.144 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat/webapps/affinity-it]
07-Jan-2020 19:08:29.283 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
07-Jan-2020 19:08:29.288 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat/webapps/affinity-it] has finished in [144] ms
07-Jan-2020 19:08:29.293 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 2104 ms
07-Jan-2020 19:08:29.294 SEVERE [main] org.apache.catalina.core.StandardServer.await StandardServer.await: create[localhost:8005]:
java.net.BindException: Address already in use (Bind failed)
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:387)
at java.net.ServerSocket.bind(ServerSocket.java:375)
at java.net.ServerSocket.<init>(ServerSocket.java:237)
at org.apache.catalina.core.StandardServer.await(StandardServer.java:440)
at org.apache.catalina.startup.Catalina.await(Catalina.java:744)
at org.apache.catalina.startup.Catalina.start(Catalina.java:690)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:355)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:495)
07-Jan-2020 19:08:29.295 INFO [main] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["http-nio-8080"]
07-Jan-2020 19:08:29.295 INFO [main] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["https-jsse-nio-8443"]
07-Jan-2020 19:08:29.295 INFO [main] org.apache.catalina.core.StandardService.stopInternal Stopping service [Catalina]
07-Jan-2020 19:08:29.358 INFO [main] org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler ["http-nio-8080"]
07-Jan-2020 19:08:29.358 INFO [main] org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler ["http-nio-8080"]
07-Jan-2020 19:08:29.359 INFO [main] org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler ["https-jsse-nio-8443"]
07-Jan-2020 19:08:29.359 INFO [main] org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler ["https-jsse-nio-8443"]
I appreciate your reply. I restarted tomcat and do not see that Bind Exception error anymore. However, I am still unsuccessful in my dry runs. I even tried removing the dry run flag one time just to see if it somehow made a difference but I got the same result. Below are recent access logs from tomcat.
I wanted to provide a few other bits of information. I have two domains mapped to this server’s IP. fiska11oy.com and safetoclick.net. I have been successful in configuring fiska11oy.com with letsencrypt in the past but that cert has expired and was not auto-renewed. I have tried repeating the same steps that were successful in the past but have had no luck. I am hoping to install one cert this time around, perhaps using /opt/tomcat/webapps/ as the webroot, and it should hopefully show a padlock and both domains, which I think is possible but please correct me if I am mistaken.
All of the log entries to challenge files show a return code of 404 (file not found).
[this needs to be corrected for a cert to be issued]
Maybe you could share those steps here.
[please include any error codes or messages]
Yes, an LE cert can hold up to 100 individual names; so two names is not a problem.
You will however need to call certbot once (with both names in the request) to get one single cert with both names on it.
[and both names will need to validate for the cert to be issued - any failure will cause the entire cert request to fail]
The first concern should be correcting the 404 errors.
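An added diagnostic, not part of the thread and not certbot's own code: it writes a random file where certbot's --webroot plugin would place the challenge under the -w directory, then fetches it back over HTTP, so a -w path that the server does not map to the site root shows up as the same 404 before any ACME request is made. The function names are hypothetical, and the demo's local server with its ROOT and safetoclick directories is constructed; on the real host the call would be probe_webroot("/opt/tomcat/webapps/safetoclick", "http://safetoclick.net").

```python
import http.server
import os
import secrets
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"  # path prefix from the error on this page

def probe_webroot(webroot, base_url, timeout=5):
    """Drop a random file where certbot --webroot would, then fetch it over HTTP.
    Returns (served_correctly, http_status)."""
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    try:
        url = f"{base_url}/{CHALLENGE_DIR}/{name}"
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().decode() == body, resp.status
    except urllib.error.HTTPError as err:  # e.g. the 404 seen in this thread
        return False, err.code
    finally:
        os.remove(path)  # never leave probe files in a served directory

def demo():
    """Constructed offline demo: a local server whose site root is the 'ROOT' directory,
    probed through the sibling 'safetoclick' directory and then through 'ROOT'."""
    with tempfile.TemporaryDirectory() as base:
        root, app = os.path.join(base, "ROOT"), os.path.join(base, "safetoclick")
        os.makedirs(root)
        os.makedirs(app)
        handler = partial(http.server.SimpleHTTPRequestHandler, directory=root)
        with http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler) as srv:
            threading.Thread(target=srv.serve_forever, daemon=True).start()
            try:
                url = f"http://127.0.0.1:{srv.server_port}"
                return probe_webroot(app, url), probe_webroot(root, url)
            finally:
                srv.shutdown()

if __name__ == "__main__":
    print(demo())  # probe results for the app directory, then for ROOT
```

A directory that passes this probe for every name on the certificate is the one to give to -w; each name in a multi-name request has to pass.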