Open jalada opened 7 years ago
Also breaks the 'live' check, where the code picks the first domain from the heroku.domains call, which could be a wildcard.
I also ran into this problem. Possible solution to this could be to fix this line to select a hostname that isn't a wildcard instead of the first one?
https://github.com/pixielabs/letsencrypt-rails-heroku/blob/master/lib/tasks/letsencrypt.rake#L56
@kaspernj yup, you're absolutely right! :)
@jalada Would you like me to submit a PR or would you prefer to do it yourself? :-)
@kaspernj PRs are always welcome :star:
@jalada Done :-)
Afaict #45 doesn't resolve this since Let's Encrypt doesn't support wildcard certs. Maybe it'd be good to have a default behavior of filtering the list of domains for non-wildcard domains?
@mrdomino It fixed the problem for me.
I had a configuration with several configured normal domains and a wildcard domain (like in the example in this issue). For some reason the wildcard domain was always chosen by letsencrypt-rails-heroku to make the connection test against.
Since the wildcard domain isn't a valid hostname the lookup failed and my certificate wasn't installed correctly.
After using the fix in #45 it worked correctly for me.
Interesting. What domains does the resulting cert say it supports?
@mrdomino All the ones defined in ACME_DOMAIN. The only difference the change makes is that instead of taking the first domain in the configured domains on the Heroku app (not ACME_DOMAIN) it takes one of the configured domains that isn't a wildcard domain.
Original code to choose domain: https://github.com/pixielabs/letsencrypt-rails-heroku/pull/45/files#diff-5afd887c0f3237cdd9f1f479de04e71cL56
New code to choose domain that isn't a wildcard: https://github.com/pixielabs/letsencrypt-rails-heroku/pull/45/files#diff-5afd887c0f3237cdd9f1f479de04e71cR62
Oh, I see, okay.
On Sun, Mar 5, 2017, 11:29 Kasper Johansen notifications@github.com wrote:
@mrdomino https://github.com/mrdomino All the ones defined in ACME_DOMAIN. The only difference the change makes is that instead of taking the first domain in the configured domains on the Heroku app (not ACME_DOMAIN) it takes one of the configured domains that isn't a wildcard domain.
Original code to choose domain:
New code to choose domain that isn't a wildcard:
Workaround is to continue to set the ACME_DOMAIN variable.
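The hostname selection discussed in this thread, as an added example that is not the project's code or the change in #45: it prefers an explicitly set ACME_DOMAIN, otherwise takes the first non-wildcard Heroku domain, and fails loudly when nothing checkable is left. The helper names, the `'hostname'` hash key, the comma-separated ACME_DOMAIN format and the sample domains are assumptions made for illustration.

```ruby
# Added illustration; not code from letsencrypt-rails-heroku.
# Assumptions: domain records are hashes with a 'hostname' key, and
# ACME_DOMAIN is a comma-separated list. All helper names are hypothetical.

class NoCheckableHostname < StandardError; end

# Hostname made of dot-separated labels (letters, digits, inner hyphens).
LABEL = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
HOSTNAME_RE = /\A(?=.{1,253}\z)#{LABEL}(\.#{LABEL})+\z/i

def wildcard?(hostname)
  hostname.to_s.include?('*')
end

# A hostname is usable for an HTTP liveness request only if it can be
# resolved, which a wildcard entry such as "*.example.com" cannot.
def checkable?(hostname)
  !wildcard?(hostname) && HOSTNAME_RE.match?(hostname.to_s)
end

# Returns the hostname to request the challenge from before asking the CA
# to validate it. Raises instead of silently falling back to a wildcard.
def liveness_check_hostname(heroku_domains, acme_domain = nil)
  explicit = acme_domain.to_s.split(',').map(&:strip).reject(&:empty?)
  candidates = explicit.empty? ? heroku_domains.map { |d| d['hostname'] } : explicit
  chosen = candidates.find { |h| checkable?(h) }
  unless chosen
    raise NoCheckableHostname, "no non-wildcard hostname in #{candidates.inspect}"
  end
  chosen
end

# Constructed sample data: a wildcard listed first, as in this issue.
SAMPLE_DOMAINS = [
  { 'hostname' => '*.example.com' },
  { 'hostname' => 'example.herokuapp.com' },
  { 'hostname' => 'www.example.com' }
].freeze

puts liveness_check_hostname(SAMPLE_DOMAINS) if __FILE__ == $PROGRAM_NAME
```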