pixielabs / letsencrypt-rails-heroku

Automatic LetsEncrypt SSL certificates in your Rails app on Heroku.
MIT License

Gem refers old ENV? #54

Closed Hiromi-Kai closed 6 years ago

Hiromi-Kai commented 7 years ago

Hello. I use this gem in our Rails 4.2 app and tried to run the renew rake script, but it didn't work. In my verification, Letsencrypt::Middleware works, but Letsencrypt.challenge_configured? && env["PATH_INFO"] == "/#{Letsencrypt.configuration.acme_challenge_filename}" seems to be false, so the server returns another result.

Then I used a very simple controller method and added a route to verify the env, and ran the renew rake a few times.

  def letsencrypt
    render text: ENV["ACME_CHALLENGE_FILE_CONTENT"]
  end

The result is as shown below; our server referred to the old ACME_CHALLENGE_FILE_CONTENT. So I guess that the middleware also refers to the old value. Have you ever seen such a case?

$ heroku run rake letsencrypt:renew -a ********
Running rake letsencrypt:renew on ⬢ ********... up, run.7514 (Hobby)
Creating account key...Done!
Registering with LetsEncrypt...Done!
Using ACME_DOMAIN configuration variable...
Performing verification for ***.***.***:
Setting config vars on Heroku...Done!
Testing filename works (to bring up app)...Done!
Giving LetsEncrypt some time to verify...Done!
Problem verifying challenge.
rake aborted!
Letsencrypt::Error::VerificationError: Status: invalid, Error: {"type"=>"urn:acme:error:unauthorized", "detail"=>"The key authorization file from the server did not match this challenge [NbgSCRUJtO6-DK_uQojDybm4nvruVdaxzaWyOLw5ZZk.aaETVAVr5mv8NMB9sFgAWvBxL8QrDZSB-uUgCRnMK40] != [NYd0nWgQKYGtt2V84j4Xb0m3Tv941TmC2aCIklIRjjQ.kRX2BS78i4YJ9v5UJ-jWh0dJz2PDBgK-YgnXc0vm3kQ]", "status"=>403}

$ heroku run rake letsencrypt:renew -a ********
Running rake letsencrypt:renew on ⬢ ********... up, run.8434 (Hobby)
Creating account key...Done!
Registering with LetsEncrypt...Done!
Using ACME_DOMAIN configuration variable...
Performing verification for ***.***.***:
Setting config vars on Heroku...Done!
Testing filename works (to bring up app)...Done!
Giving LetsEncrypt some time to verify...Done!
Problem verifying challenge.
rake aborted!
Letsencrypt::Error::VerificationError: Status: invalid, Error: {"type"=>"urn:acme:error:unauthorized", "detail"=>"The key authorization file from the server did not match this challenge [P0ZV62damtYP7YWVCwolveB0m-T31B0PRhrVkc9Tdi4.0hzKmT2wP3TcBjbuAr2GGm9snoq-UWim1sQ8RfTXOlc] != [NbgSCRUJtO6-DK_uQojDybm4nvruVdaxzaWyOLw5ZZk.aaETVAVr5mv8NMB9sFgAWvBxL8QrDZSB-uUgCRnMK40]", "status"=>403}

jalada commented 7 years ago

That suggests that your app is responding before it has finished rebooting, so is still responding using the old environment variables. That's normally only an issue with Preboot though, which you don't have.
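
A way to confirm and guard against the stale-environment race described in this comment, as an added example that is not part of the thread or the gem's own code. The method names (`parse_mismatch`, `stale_env?`, `wait_until_served`) are hypothetical, the token values are constructed, and the reading of the error detail as `[expected] != [served]` is an assumption that matches the two runs in the report, where the second run serves the first run's value.

```ruby
require "net/http"
require "uri"

# Detail format seen in the VerificationError above. Assumption: the first
# bracket is what the CA expected, the second is what the app served.
MISMATCH = /did not match this challenge \[([^\]]+)\] != \[([^\]]+)\]/

# Split an ACME "unauthorized" detail string into expected/served values.
def parse_mismatch(detail)
  m = MISMATCH.match(detail)
  m && { expected: m[1], served: m[2] }
end

# True when the served value belongs to an earlier run, i.e. the process
# answering the CA had not yet restarted with the new config var.
def stale_env?(detail, previous_values)
  parsed = parse_mismatch(detail)
  !parsed.nil? && previous_values.include?(parsed[:served])
end

# Default fetcher: plain HTTP GET of the challenge URL (http-01 uses port 80).
HTTP_FETCH = ->(url) { Net::HTTP.get(URI(url)) }

# Poll the challenge URL until the body equals the new key authorization.
# Returns the attempt number that matched; raises if it never does.
def wait_until_served(url, expected, attempts: 10, delay: 3,
                      fetch: HTTP_FETCH, pause: ->(s) { sleep(s) })
  1.upto(attempts) do |n|
    body = begin
      fetch.call(url).to_s.strip
    rescue StandardError
      nil # app still restarting; treat as "not ready yet"
    end
    return n if body == expected
    pause.call(delay) if n < attempts
  end
  raise "challenge at #{url} never served the expected value"
end

# Constructed demo: the app serves the old value twice, then the new one.
if $PROGRAM_NAME == __FILE__
  replies = ["old.thumb", "old.thumb", "new.thumb"]
  n = wait_until_served("http://example.test/.well-known/acme-challenge/new",
                        "new.thumb", fetch: ->(_) { replies.shift },
                        pause: ->(_) {})
  puts "matched on attempt #{n}"
end
```

Calling `wait_until_served` after the config var is set and before asking the CA to validate replaces a fixed wait with a check on what the running app actually returns.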

fergyfresh commented 6 years ago

I'm getting this same issue, I've been using heroku run rake letsencrypt:renew for about a year and a half now. Haven't changed any server settings and I am getting the same error, also don't have Preboot.

jalada commented 6 years ago

@fergyfresh as per the README this gem is deprecated in favour of the official Heroku implementation. Are you able to swap to that instead?