Verification redirected to login

I ran this command: multiple ACME clients, but most recently CertifyTheWeb, they all produced the same error.

It produced this output: Invalid response from WEBSITE/login : “\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n<meta charset=“utf-8”>\r\n\t\t<meta http-equiv=“X-UA-Compatible” conten”

My web server is (include version): Tomcat 9

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is: -

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): https://certifytheweb.com/ version 4.1.6

I assume it’s because a login is required on my website and it redirects the verification to the login page. I have no idea how to add an exception to that rule though.

If I try to reach a file in .well-known/acme-challenge while I’m logged in, it works perfectly.

You would have to configure Tomcat such that the request to /.well-known/acme-challenge/* doesn’t go through your web application, but is served directly from the filesystem.

You can usually do this by adding a <Context> inside of the primary <Host> in Tomcat’s server.xml.

e.g.

<Context docBase="C:\acme-directory" path="/.well-known/acme-challenge/" />
1 Like

Thank you for your fast response!

I tried adding a Context and now I’m no longer redirected to the login page, but I get a 404 missing page error both from the ACME client and when I try to access a file I put in there.

So creating C:\acme-directory\test.txt and accessing http://example.com/.well-known/acme-challenge/test.txt doesn’t work?

1.)
Just to be safe, docBase has to point towards ROOT.war and path is the subsequent path, right?
My Context looks like this:
<Context docBase="C:\apache\tomcat9\webapps\" path="/.well-known/acme-challenge/"/>

The root file lies within the webapps folder.

2.)

I created my file in:
C:\apache\tomcat9\webapps\root\.well-known\acme-challenge\test.txt

And I could not reach it when I typed in:
http://website.com/.well-known/acme-challenge/test.txt

I would not recommend doing that. It will expose all of your deployed code to the internet.

The idea in the extra Context is to direct Let's Encrypt-related requests to a completely unrelated directory, outside of Tomcat. (Such as literally using C:\acme-directory).

Then you tell Certify The Web to use that separate directory as your webroot.

2 Likes
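
A way to check a server.xml for the layout warned about above, written as an added example that is not part of the thread or of Tomcat. It assumes the Tomcat base directory is C:\apache\tomcat9 (taken from the paths quoted in the thread); the function names and the server.xml skeleton are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Constructed server.xml skeleton; {doc_base} is filled in per candidate.
TEMPLATE = r'''<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Host name="localhost" appBase="webapps">
    <Context docBase="{doc_base}" path="/.well-known/acme-challenge" />
  </Host>
</Engine></Service></Server>'''


def audit_contexts(server_xml, catalina_base):
    """Return (path, docBase, verdict) for every <Context> under a <Host>."""
    base = PureWindowsPath(catalina_base)
    findings = []
    for host in ET.fromstring(server_xml).iter("Host"):
        # A relative appBase is resolved against the Tomcat base directory.
        app_base = base / host.get("appBase", "webapps")
        for ctx in host.iter("Context"):
            raw = ctx.get("docBase", "")
            if not raw:
                continue  # nothing to classify without an explicit docBase
            # A relative docBase is resolved against the Host's appBase.
            doc = app_base / raw
            if doc == app_base or doc in app_base.parents:
                verdict = "exposes-appbase"  # every deployed app sits under docBase
            elif base in doc.parents:
                verdict = "inside-tomcat"    # not a directory separate from Tomcat
            else:
                verdict = "separate"         # the layout the reply recommends
            findings.append((ctx.get("path"), raw, verdict))
    return findings


def verdict_for(doc_base, catalina_base=r"C:\apache\tomcat9"):
    """Audit the constructed template with one docBase filled in."""
    return audit_contexts(TEMPLATE.format(doc_base=doc_base), catalina_base)[0][2]


if __name__ == "__main__":
    for candidate in (r"C:\apache\tomcat9\webapps" + "\\",
                      r"C:\apache\tomcat9\webapps\ROOT\.well-known\acme-challenge",
                      r"C:\acme-directory"):
        print(f"{candidate:60} -> {verdict_for(candidate)}")
```

Windows path comparison here is case-insensitive, so a docBase written with different letter case is classified the same way.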

Turns out this was exactly my error. I pointed the docBase directly to the ACME challenge and now it works like a charm and I got my certificate!

Thank you very much!

1 Like
