Closed joshkestenberg closed 4 years ago
code block in question:
order.authorizations.each do |authorization|
puts "Performing verification for #{authorization.domain}:"
challenge = authorization.http # THIS RETURNS NIL
print "Setting config vars on Heroku..."
heroku.config_var.update(heroku_app, {
'ACME_CHALLENGE_FILENAME' => challenge.filename, # ERROR OCCURS HERE
'ACME_CHALLENGE_FILE_CONTENT' => challenge.file_content
})
....
(comments of course were added by me)
You need to set your rails secret key in your config In your local env --> grab the contents of master.key e.g 79c1839dd84c2b2e71fc26a75fb69a30 In local terminal
dokku config:set RAILS_MASTER_KEY=79c1839dd84c2b2e71fc26a75fb69a30
Not that your master key will be unique to your app
This is related to the problem I observed in the original implementation of ACME v2 in letsencrypt-rails-heroku here: https://github.com/pixielabs/letsencrypt-rails-heroku/pull/62/files/8097b032b1fec2fd4d257939c490f966290f66b3#r283752933
I'm putting together a PR to fix this - for the time being, there'll just be a pretty error, but in future, there should be a DNS validation.
@mashedkeyboard are you suggesting that cert renewal simply won't work for the time being? Or am I doing something wrong? @weefunker I've added RAILS_MASTER_KEY as a heroku config variable and I'm still seeing the same error.
scratch that. i think i forgot to delete some generated config vars and was encountering issues as a result. working now. thanks a lot!
possible optimization would be to rescue on errors and purge ACME_CHALLENGE_FILENAME and ACME_CHALLENGE_FILE_CONTENT from config vars if they've been created?
I'm actually still bumping into issues with any configuration apart from explicitly setting ENV['ACME_DOMAIN']
to my host name. I've tried omitting the config variable, and using a wildcard subdomain, but only ACME_DOMAIN=[app.com]
is working for me.
Are wildcard subdomains supported? Is any additional configuration required on my end?
I was able to generate a cert but it's not worth much if it doesn't apply to all subdomains.
I see some discussion around this in #59 but am wondering what the current state of things looks like.
Wildcard domains aren't supported currently, no, @joshkestenberg. I did some work on this in #60, but we held off on merging it because wildcard validation requires DNS validation, and that in turn means that, for it to be useful on Heroku, it has to have an automated way of updating your DNS. At the time I wrote the code for #60, CloudFlare were just about to come out with API tokens for their API, rather than the global API keys they'd had up to that point that just allowed access to all aspects of your account, and I decided to hold off for that to turn up before finishing that.
What DNS provider are you using currently? Very happy to look at re-adding support for wildcards - ACME v2 as implemented in letsencrypt-rails-heroku supports it, and I know how to get it working there - it's just a case of me needing to find the time to sit down and put together a PR, and then to be able to test against whatever registrar APIs it ends up interfacing with to make it work. CF is nice and easy, but I don't know much about others.
Hey sorry for the delayed reply.
We're using Namecheap. Right now we just have a slack reminder pinging us to renew our certs. 😦
Hey all, sorry I think I had temporary blindness to GitHub emails about letsencrypt-rails-heroku 😬
It sounds like this issue is actually just 'support wildcard domains via DNS validations'. Is my understanding correct?
I'm closing this issue for now, as #71 fixes the unfriendly error. I'll open a fresh issue re: supporting wildcard domains via DNS validations, but to set expectations, we have no plans to implement it at this time.
Tried both with and without included
ENV['ACME_DOMAIN']
, both with and withoutconfig.force_ssl
and stated middleware config.Any help is appreciated!