I'm trying to figure out how to use Let's Encrypt with my Rails app on Heroku.
I've tried several gems which appear to have been designed to help with this process (letsencrypt-plugin) but have removed all of the installation steps those gems recommend because I couldn't get this working.
Now, I'm back to trying to make sense of the tutorials set out here:
http://collectiveidea.com/blog/archives/2016/01/12/lets-encrypt-with-a-rails-app-on-heroku/
I'm not getting far.
I'm trying this again: https://medium.com/should-designers-code/how-to-set-up-ssl-with-lets-encrypt-on-heroku-for-free-266c185630db#.h9vjoxboq
At the moment, the error messages say:
Type: unauthorized
Detail: The key authorization file from the server did not match
this challenge
[first random string.second random string]
!= [#{params[:id]}.ENV["LETS_ENCRYPT_SECOND"]]
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
I have saved LETS_ENCRYPT_SECOND with the 'second random string' in my application.yml.
I don't have any A records in my DNS. I host on Heroku - it doesn't give any A records or an IP address. My domain is registered on 123-reg.
I don't understand this part of the instructions:
mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge
cd /tmp/certbot/public_html
printf "%s" first random string.second random string > .well-known/acme-challenge/first random string
run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
I perceive them to mean that I need to put each of the above 4 commands into the terminal and then I'm done. I've done that several times but I don't get anywhere with this.
Can anyone help with advice for how to set this up? I'm stuck.
UPDATE
I have removed all the settings I created trying to follow the above guide and tried again with the letsencrypt_plugin gem.
Currently, those settings are all configured but, when I try to run rake letsencrypt_plugin, I get an error that says:
Challenge verification failed! Error: urn:acme:error:unknownHost: No valid IP addresses found for www.example.com
I am now unsure whether I'm supposed to put my custom domain name in the letsencrypt_plugin.yml file, or whether I'm supposed to write the Heroku app alias name for my custom domain name there.
Also, since the app is hosted on Heroku, there is no IP address. My DNS configuration does not have any A records at all (no IP address).
FURTHER UPDATE
I made a completely new Rails 5 app. I put it on Heroku. I tried the letsencrypt_plugin again. This time around, I get an error that says:
heroku run rake letsencrypt_plugin
Running rake letsencrypt_plugin on ⬢ ancient-octopus-78709... up, run.6780 (Hobby)
I, [2016-10-17T07:59:13.985385 #3] INFO -- : Trying to register at Let's Encrypt service...
I, [2016-10-17T07:59:13.985480 #3] INFO -- : Loading private key...
I, [2016-10-17T07:59:14.255357 #3] INFO -- : Acme::Client::Error::Malformed - Registration key is already in use
I, [2016-10-17T07:59:14.256579 #3] INFO -- : Already registered.
I, [2016-10-17T07:59:14.256646 #3] INFO -- : Sending authorization request for: www..com...
I, [2016-10-17T07:59:14.504527 #3] INFO -- : Storing challenge information...
I, [2016-10-17T07:59:16.688404 #3] INFO -- : Waiting for challenge status...
E, [2016-10-17T07:59:18.456415 #3] ERROR -- : Challenge verification failed! Error: urn:acme:error:unauthorized: Invalid response from http://www..com/.well-known/acme-challenge/eAniFLfG_3t5HrD6zbtppzWWYz1Ay76r0GaFHQ62GLI: "<!DOCTYPE html>
We're sorry, but something went wrong (500)
I've recently implemented SSL on Heroku (Python) using one of the links that you've posted. Let me make sense of the process.
Firstly
- Do you have your own domain name for your site, or are you using the Heroku-generated domain? All the links above are for sites with a custom domain name, not for the Heroku default domain name [name-of-app].herokuapp.com
- To have your own domain name follow the procedure described here
- Once you have your custom domain name set up, follow the above link with example.com replaced with --your-domain--name.com
I'll be happy to explain more once you have done the above process
Now that you have a site which you can access at myexample.com which is hosted on Heroku
- You have to open a URL with route .well-known/acme-challenge on your Rails app. Once you open it and redeploy your Rails app you should be able to go to the URL http://myexample.com/.well-known/acme-challenge
For now this will display a blank page with no content.
- Next go through the manual generation of the SSL certificates specified in the above link with your domain name entered. You should reach a step where you were given a long randomised token
ya6k1edW38z.ebThgg67ggbb...
Now here is the critical part. This is how Let's Encrypt verifies that you are the actual owner of the domain for which you are generating SSL certificates. It gives you a really random and complex text and asks you to display it on a particular route .well-known/acme-challenge on the domain your-domain.com
To accomplish this
- Render this token in text format as an output for the .well-known/acme-challenge route. Refer to above link for example code
- Redeploy your app with these changes
- Now check manually the route http://myexample.com/.well-known/acme-challenge. This should display the text you got during manual creation in the above step.
Now proceed with the creation process on certbot. This should create the certificates for your domain. Once you have the certificates, add them to Heroku SSL settings following this link
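Added example (not part of the original question or answer, and not code from either linked tutorial): a small Rack middleware that serves the key authorization as exact plain text for the one expected token, plus a check that classifies the two failure bodies shown in the question (the un-interpolated template string and the HTML 500 page). The config var names ACME_TOKEN and ACME_KEY_AUTH and all sample values are assumptions made for this sketch.

```ruby
# Added example. ACME_TOKEN / ACME_KEY_AUTH are assumed config var names,
# not names used by certbot or by any gem mentioned on this page.
ACME_PREFIX = "/.well-known/acme-challenge/"

# Rack-compatible middleware: answers only the one configured challenge
# and passes every other request through to the wrapped app.
class AcmeChallenge
  def initialize(app, vars = ENV)
    @app = app
    @vars = vars
  end

  def call(env)
    path = env["PATH_INFO"].to_s
    return @app.call(env) unless path.start_with?(ACME_PREFIX)

    token    = path.delete_prefix(ACME_PREFIX)
    key_auth = @vars["ACME_KEY_AUTH"].to_s
    # Serve the body only for the expected token, and only if the stored
    # value has the "<token>.<second string>" shape the CA compares against.
    if token.empty? || token != @vars["ACME_TOKEN"] || !key_auth.start_with?("#{token}.")
      return [404, { "content-type" => "text/plain" }, ["not found"]]
    end
    # Exact bytes, plain text, no layout and no trailing newline.
    [200, { "content-type" => "text/plain" }, [key_auth]]
  end
end

# Classify what the app actually returned at the challenge URL, so the
# mismatch can be found locally before asking the CA to validate.
def diagnose_challenge(body, expected)
  return :ok if body == expected
  # Ruby source served verbatim: interpolation never ran.
  return :uninterpolated_template if body.include?('#{') || body.include?("ENV[")
  # An error page or layout was rendered instead of the token text.
  return :html_page if body.lstrip.downcase.start_with?("<!doctype", "<html")
  # Right value, but with extra whitespace such as a trailing newline.
  return :whitespace if body.strip == expected
  :mismatch
end
```

Fetching the challenge URL yourself and passing the body to diagnose_challenge shows which of these cases applies before the certificate authority makes its own request.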
Source: https://stackoverflow.com/questions/39907302/rails-5-heroku-with-lets-encrypt-ssl-trouble-getting-setup-configured