
Adding LetsEncrypt to Tomcat/Apache setup with mod_jk

@Fox8124981

Posted in: #Apache #Https #LetsEncrypt #Tomcat

I have a Tomcat server running behind Apache using mod_jk (the AJP connector in Tomcat). I just tried adding SSL to this setup with LetsEncrypt, but certbot was unable to verify that I own the domain since it could not access the challenge files, as Apache was proxying all requests to Tomcat. How can I get a LetsEncrypt certificate for my server with my current setup?


@Heady270

You can use the JkUnMount directive to prevent a directory from being handled by Tomcat. You can let the acme challenge directory be handled by Apache.

The configuration for that might look like:

JkUnMount /.well-known/acme-challenge/* *


The final * should unmount it from all configured workers. If you want to exclude that directory for just one of several workers, you can use the worker name instead.

I prefer to use reverse proxy over mod_jk with Tomcat, mostly because I find it easier to debug. Excluding directories is similar with reverse proxy. The configuration is:

ProxyPass /.well-known/acme-challenge/ !

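A fuller virtual host showing both exclusions from the answer above in context, as an added example that is not part of the original answer. The hostname, the webroot path, the worker name `tomcat1` and the Tomcat address are assumptions, and Apache 2.4 access-control syntax is assumed.

```apache
# Added example. app.example.com, /var/www/letsencrypt, tomcat1 and
# 127.0.0.1:8080 are assumed values, not taken from the question.
<VirtualHost *:80>
    ServerName app.example.com

    # Serve ACME HTTP-01 challenge files from a directory Apache owns.
    # Matching certbot invocation (webroot plugin):
    #   certbot certonly --webroot -w /var/www/letsencrypt -d app.example.com
    Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
    <Directory "/var/www/letsencrypt/.well-known/acme-challenge/">
        # Expose only the challenge files: no indexes, no CGI, no .htaccess.
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # Variant A: mod_jk. Everything goes to Tomcat except the challenge path.
    JkMount   /* tomcat1
    JkUnMount /.well-known/acme-challenge/* tomcat1

    # Variant B: mod_proxy (use instead of variant A, not together with it).
    # ProxyPass rules are checked in configuration order and the first match
    # wins, so the "!" exclusion has to come before the catch-all rule.
    # ProxyPass        /.well-known/acme-challenge/ !
    # ProxyPass        / http://127.0.0.1:8080/
    # ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

Keeping the exclusion scoped to `/.well-known/acme-challenge/` rather than the whole webroot means nothing else bypasses Tomcat. The port 80 virtual host has to stay reachable for renewals even after HTTPS is enabled.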