I am trying to https/SSL enable my tomcat application server and have a problem 
when I request verification from the CA.
Let's Encrypt requires the certificate request to be placed in 
mydomain.tld/.well-known/acme-challenge/ which they query to check that I 
control the site.
Tomcat does not appear to handle hidden directories correctly. There are several 
on-line references to Tomcat being an issue, but I have yet to find a Tomcat 
solution.
(Other than to front-end Tomcat with the Apache httpd server, but I would like 
to find a solution that is pure tomcat.)
I started with tomcat-7.0.42, Centos 6-8.el6, jdk1.7.0_25, then upgraded 
to tomcat-8.5.14, Centos 6-8.el6, jdk1.8.0_131, same problem.

The hidden directory problem manifests in two ways. 
1. If I create a site/app with the directory /.well-known/ Tomcat creates two 
contexts where there should be one, one for my app and another for /.well-known 
(i.e. a sub directory of the app).
2. If I don't create a /.well-known/ directory, but try and do a urlrewrite 
from /.well-known/ to say /well-known/ it still sees the url as trying to 
access a separate context /.well-known/ and does not rewrite it as expected.

Request-dumper shows (some lines removed for clarity):

requestURI=/.well-known/acme-challenge/test.html
contextPath=/.well-known
serverName=mydomain.tld
serverPort=80
servletPath=/acme-challenge/test.html
status=404

The above fails whether /.well-known/acme-challenge/test.html exists or not since it 
is looking in the wrong context path.

This contrasts with a correctly served (not hidden) page:

requestURI=/stats/index.html
contextPath=
header=host=www.mydomain.tld
contextPath=
serverName=www.mydomain.tld
serverPort=80
servletPath=/stats/index.html
status=200

Has anyone seen a solution to this issue? Any suggestions?
Thanks for your consideration, 
ian
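
Added example, not part of the original message and not Tomcat source code: a simplified model of how a servlet container selects a context by the longest context path that matches the request URI on a "/" boundary, run against the paths from the request-dumper output above. The list of deployed contexts is an assumption inferred from contextPath=/.well-known in the dump; the function names are hypothetical.

```python
# Simplified model of context selection: the longest deployed context path
# that matches the request URI on a "/" boundary wins. Not Tomcat source code.

def map_request(request_uri, context_paths):
    """Return (contextPath, path inside that context) for request_uri."""
    best = None
    for ctx in context_paths:
        # "" is the ROOT context and matches every URI.
        if ctx == "" or request_uri == ctx or request_uri.startswith(ctx + "/"):
            if best is None or len(ctx) > len(best):
                best = ctx
    if best is None:
        raise LookupError("no context matches " + request_uri)
    return best, request_uri[len(best):] or "/"


def explain(request_uri, context_paths):
    """Describe which context owns the request, in request-dumper terms."""
    ctx, inner = map_request(request_uri, context_paths)
    owner = "ROOT" if ctx == "" else ctx
    return f"{request_uri} -> context {owner!r}, path in context {inner!r}"


# Constructed inputs, taken from the request-dumper lines in the post.
CHALLENGE = "/.well-known/acme-challenge/test.html"
WITH_EXTRA_CONTEXT = ["", "/.well-known"]  # assumed: what the dump implies
ROOT_ONLY = [""]                           # assumed: what the poster expected

if __name__ == "__main__":
    print(explain(CHALLENGE, WITH_EXTRA_CONTEXT))
    print(explain(CHALLENGE, ROOT_ONLY))
    print(explain("/stats/index.html", WITH_EXTRA_CONTEXT))
```

With the extra context present the model reproduces the contextPath and servletPath pair from the failing dump; with only ROOT deployed the whole URI stays inside the application, which is where the challenge file was placed.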
