On 01/05/17 20:11, Ian Brown wrote:
> I am trying to https/SSL enable my tomcat application server and have
> a problem when I request verification from the CA. Let's Encrypt
> requires the certificate request to be placed in
> mydomain.tld/.well-known/acme-challenge/ which they query to check
> that I control the site. Tomcat does not appear to handle hidden
> directories correctly. There are several on-line references to Tomcat
> being an issue, but I have yet to find a Tomcat solution. (Other than
> to front end Tomcat with the Apache httpd server, but I would like
> to find a solution that is pure tomcat.) I started with tomcat-7.0.42
> Centos 6-8.el6 jdk1.7.0_25, then upgraded to tomcat-8.5.14
> Centos 6-8.el6 jdk1.8.0_131, same problem.

This works out of the box for me. Just:

    cd webapps/ROOT
    mkdir .well-known

> The hidden directory problem manifests in two ways.
> 1. If I create a site/app with the directory /.well-known/ Tomcat creates two
> contexts where there should be one, one for my app and another for
> /.well-known (i.e. a sub directory of the app)

Please explain exactly how you configured this starting from a clean Tomcat install.

> 2. If I don't create a
> /.well-known/ directory, but try and do a urlrewrite from
> /.well-known/ to say /well-known/ it still sees the url as trying to
> access a separate context /.well-known/ and does not rewrite it as
> expected.

Again, please explain exactly how you configured the rewrite.

> Request-dumper shows (some lines removed for clarity)
>
> requestURI=/.well-known/acme-challenge/test.html
> contextPath=/.well-known serverName=mydomain.tld serverPort=80
> servletPath=/acme-challenge/test.html status=404
>
> The above fails if /.well-known/acme-challenge/test.html exists or
> not since it is looking in the wrong context path.
>
> Contrasts with a correctly served (not hidden) page.
>
> requestURI=/stats/index.html contextPath=
> header=host=www.mydomain.tld contextPath=
> serverName=www.mydomain.tld serverPort=80
> servletPath=/stats/index.html status=200
>
> Has anyone seen a solution to this issue? Any suggestions? Thanks
> for your consideration, ian

Looks like the Tomcat configuration is not correct.

Mark
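
A way to check a Tomcat instance for the symptom in the request dump above (contextPath=/.well-known instead of the empty ROOT context path), as an added example that is not part of either message. It assumes the default appBase `webapps`, the default `conf/Catalina/localhost` descriptor directory and automatic deployment, under which each directory or WAR in `webapps` and each descriptor becomes its own context; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes CATALINA_BASE with the default
# appBase "webapps", host "Catalina/localhost", and automatic deployment on.

# Context path Tomcat derives from a base name: drop "##version",
# "ROOT" is the root context (""), and "#" stands for "/".
context_path_for() {
    name=${1%%"##"*}
    if [ "$name" = "ROOT" ]; then
        echo ""
    else
        printf '/%s\n' "$(printf '%s' "$name" | sed 's|#|/|g')"
    fi
}

# Print "<context path><TAB><source>" if the entry would claim the URI.
report_if_shadowing() {   # $1 = base name, $2 = entry, $3 = URI
    ctx=$(context_path_for "$1")
    [ -n "$ctx" ] || return 0
    case $3 in "$ctx"/*) printf '%s\t%s\n' "$ctx" "$2" ;; esac
}

# List every non-root context that would receive the challenge URI
# instead of ROOT: exploded dirs, WARs, and context descriptors.
shadowing_contexts() {
    base=$1
    uri=${2:-/.well-known/acme-challenge/test.html}
    for entry in "$base"/webapps/* "$base"/webapps/.[!.]*; do
        name=${entry##*/}
        if [ -d "$entry" ]; then
            report_if_shadowing "$name" "$entry" "$uri"
        elif [ -f "$entry" ]; then
            case $name in *.war) report_if_shadowing "${name%.war}" "$entry" "$uri" ;; esac
        fi
    done
    for entry in "$base"/conf/Catalina/localhost/*.xml \
                 "$base"/conf/Catalina/localhost/.[!.]*.xml; do
        [ -f "$entry" ] || continue
        name=${entry##*/}
        report_if_shadowing "${name%.xml}" "$entry" "$uri"
    done
}

# True when the challenge directory lives inside the ROOT web application.
challenge_dir_in_root() {
    [ -d "$1/webapps/ROOT/.well-known/acme-challenge" ]
}
```

Run `shadowing_contexts "$CATALINA_BASE"` on the server: any line it prints names a directory, WAR or descriptor that takes requests for the challenge path away from ROOT.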