dogtag-pki: Tomcat instance crashes on Debian 11 when using certbot from other server
by Superspeed500 from LinuxQuestions.org on (#5SR0N)
I have a Debian 11 server as a PKI solution for my LAN. The server is set up with dogtag-pki with the following components:
- CA
- ACME Responder
The ACME Responder, however, has some issues. The entire Tomcat instance running the CA and ACME Responder sometimes crashes if I, from a different server, run the certbot command with the http-01 validator and multiple domain names towards a web server. The service has to be manually restarted every time it crashes.
I have found out that the responder seems to stay stable if I use the --standalone parameter, but not all of my servers can spin up a temporary web server on port 80, since there already is a web server running on that port. I also noticed that I am usually able to use the --webroot parameter if I disable the HTTPS redirect for .well-known on the web server.
The version of dogtag-pki is 10.10.2-3 on Debian 11.
Does anyone know of any workarounds, or whether this bug should be reported somewhere?
Let me know if more info is needed. Thanks in advance.