I ran this command: multiple ACME clients, but most recently CertifyTheWeb; they all produced the same error.
It produced this output: Invalid response from WEBSITE/login : “\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n<meta charset=“utf-8”>\r\n\t\t<meta http-equiv=“X-UA-Compatible” conten”
My web server is (include version): Tomcat 9
The operating system my web server runs on is (include version): Windows 10
My hosting provider, if applicable, is: -
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): https://certifytheweb.com/ version 4.1.6
I assume it’s because a login is required on my website and it redirects the verification to the login page. I have no idea how to add an exception to that rule though.
If I try to reach a file in .well-known/acme-challenge while I’m logged in, it works perfectly.
You would have to configure Tomcat such that the request to /.well-known/acme-challenge/* doesn’t go through your web application, but is served directly from the filesystem.
You can usually do this by adding a <Context> inside of the primary <Host> in Tomcat’s server.xml.
I tried adding a Context and now I’m no longer redirected to the login page, but I get a 404 missing page error both from the ACME client and when I try to access a file I put in there.
1.) Just to be safe, docBase has to point towards ROOT.war and path is the subsequent path, right?
My Context looks like this: <Context docBase="C:\apache\tomcat9\webapps\" path="/.well-known/acme-challenge/"/>
The root file lies within the webapps folder.
2.) I created my file in: C:\apache\tomcat9\webapps\root\.well-known\acme-challenge\test.txt
And I could not reach it when I typed in: http://website.com/.well-known/acme-challenge/test.txt
I would not recommend doing that. It will expose all of your deployed code to the internet.
The idea in the extra Context is to direct Let's Encrypt-related requests to a completely unrelated directory, outside of Tomcat. (Such as literally using C:\acme-directory).
Then you tell Certify The Web to use that separate directory as your webroot.
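The setup described in the reply above, written out as a server.xml fragment. This is an added example, not part of either poster's messages. It assumes the stock Tomcat 9 Host attributes, the C:\acme-directory location named in the reply, and that the ACME client writes its token files into .well-known\acme-challenge beneath the webroot it is given.

```xml
<!-- Added example: fragment of conf/server.xml.
     Host attributes are the stock Tomcat 9 defaults (assumed). -->
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

  <!-- Problem (the Context posted in the thread):
         <Context docBase="C:\apache\tomcat9\webapps\"
                  path="/.well-known/acme-challenge/"/>
       docBase is the whole webapps folder, so every deployed application
       becomes readable under the challenge URL. It also explains the 404:
       a request for /.well-known/acme-challenge/test.txt resolves to
       webapps\test.txt, not to webapps\root\.well-known\...\test.txt. -->

  <!-- Dedicated context: only the challenge directory is exposed, and it is
       served as static files without passing through the ROOT application
       or its login redirect.
       path has no trailing slash; docBase is the directory the client
       fills with token files (assumed layout, see lead-in).
       Create the directory before starting Tomcat. -->
  <Context path="/.well-known/acme-challenge"
           docBase="C:\acme-directory\.well-known\acme-challenge" />

</Host>
```

With C:\acme-directory set as the webroot in the ACME client, a test file placed at C:\acme-directory\.well-known\acme-challenge\test.txt should be reachable at http://website.com/.well-known/acme-challenge/test.txt without logging in.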