CertBot unauthorized - Invalid response


I am trying to install a certificate for my webapp, which is deployed on my Amazon AWS.

 ./certbot-auto certonly --standalone --standalone-supported-challenges http-01 -d www.mywebsite.com --debug

When I run the above command, I get the following response:

 The following errors were reported by the server:

   Domain: www.mywebsite.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.mywebsite.com/.well-known/acme-challenge/PoX30b9dlmVuf-iU6zcNOo7_l7FaYTiJMgjHR4td8p4:
   "<html><head><title>Apache Tomcat/7.0.70 - Error
   report</title><style><!--H1
   {font-family:Tahoma,Arial,sans-serif;color:white;bac"

I am trying to point to the app which I deployed in an Apache Tomcat server. I could see the .well-known folder is getting created, but the folder is completely empty.

Any light on this?

2

There are 2 answers

8
Sergey Kovalev On

It's clear that your standalone server didn't bind to the required IP/port. That's why the error message contains a response from Tomcat. You should stop your Tomcat server, then run certbot-auto --standalone, so certbot's built-in webserver can serve the responses.
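
The diagnosis in the answer above, as an added example that is not part of the original post: a pre-flight check that reports whether port 80 is already held by another server, and classifies an http-01 response body as a valid key authorization or as HTML from some other web server. The function names `port_state` and `diagnose_response` are hypothetical, and the sample body is constructed from the error text quoted in the question.

```python
import errno
import re
import socket

# RFC 8555 http-01: the body must be "<token>.<base64url SHA-256 thumbprint>"
KEY_AUTH_RE = re.compile(r"^([A-Za-z0-9_-]+)\.[A-Za-z0-9_-]{43}$")

def port_state(port, host="0.0.0.0"):
    """Report whether a standalone listener could bind host:port right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                return "in-use"          # another server (here: Tomcat) holds it
            if e.errno == errno.EACCES:
                return "no-permission"   # ports below 1024 normally need root
            raise
    return "free"

def diagnose_response(token, body):
    """Classify what came back from /.well-known/acme-challenge/<token>."""
    body = body.strip()
    m = KEY_AUTH_RE.match(body)
    if m and m.group(1) == token:
        return "ok"
    if body.lower().startswith(("<html", "<!doctype")):
        title = re.search(r"<title>([^<]*)", body, re.I)
        name = title.group(1).strip() if title else "unknown"
        return "html from another server: " + name
    return "unexpected body"

# Constructed sample: token and (re-joined, truncated) body from the error above.
TOKEN = "PoX30b9dlmVuf-iU6zcNOo7_l7FaYTiJMgjHR4td8p4"
TOMCAT_BODY = "<html><head><title>Apache Tomcat/7.0.70 - Error report</title><style>"

if __name__ == "__main__":
    print("port 80:", port_state(80))
    print("challenge response:", diagnose_response(TOKEN, TOMCAT_BODY))
```
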

0
Danilo Kobold On

First of all, do a sudo su -. It will only work if you are using root as user.

Now create a file /etc/letsencrypt/config.ini and add

 rsa-key-size = 4096
 email = [email protected]

Then run

 /opt/letsencrypt/letsencrypt-auto renew --config /etc/letsencrypt/config.ini --agree-tos

And after that, add to crontab

 0 1 1 * * /opt/letsencrypt/letsencrypt-auto renew --config /etc/letsencrypt/config.ini --agree-tos && apachectl graceful