Article 5SR0N dogtag-pki: Tomcat instance crashes on Debian 11 when using certbot from other server

by Superspeed500 from LinuxQuestions.org on (#5SR0N)

I have a Debian 11 server as a PKI solution for my LAN. The server is set up with dogtag-pki with the following components:
  • CA
  • ACME Responder
The CA itself behaves nicely as far as I know. I can submit CSRs and approve certificates. Renewal hasn't been tested, since I have no need to renew any certificates as of now.

The ACME Responder, however, has some issues. The entire Tomcat instance running the CA and ACME Responder sometimes crashes if I run the certbot command from a different server with the http-01 validator and multiple domain names towards a web server. The service has to be manually restarted every time it crashes.

I have found out that the responder seems to stay stable if I use the --standalone parameter, but not all of my servers can spin up a temporary web server on port 80, since there is already a web server running on that port. I also noticed that I am usually able to use the --webroot parameter if I disable the HTTPS redirect for .well-known on the web server.

The version of dogtag-pki is 10.10.2-3 on Debian 11.

Does anyone know of any workarounds, or whether this bug should be reported somewhere?

Let me know if more info is needed, thanks in advance.