acme-plugin icon indicating copy to clipboard operation
acme-plugin copied to clipboard

Published 20 hours ago verified publisher icon lgromanowski

Heroku: Need to run the task twice

Open joallard opened this issue 9 years ago • 12 comments

I've got the following log

$ heroku run rake letsencrypt_plugin -r staging
Running rake letsencrypt_plugin on app... up, run.7682
** [Honeybadger] Starting Honeybadger version 2.3.0 level=1 pid=3
I, [2016-01-15T18:43:43.461890 #3]  INFO -- : Loading private key...
I, [2016-01-15T18:43:43.462301 #3]  INFO -- : Trying to register at Let's Encrypt service...
I, [2016-01-15T18:43:43.806908 #3]  INFO -- : Already registered.
I, [2016-01-15T18:43:43.812663 #3]  INFO -- : Sending authorization request...
I, [2016-01-15T18:43:44.077606 #3]  INFO -- : Storing challenge information...
I, [2016-01-15T18:43:46.602691 #3]  INFO -- : Waiting for challenge status...
E, [2016-01-15T18:43:48.365466 #3] ERROR -- : Challenge verification failed! Error: urn:acme:error:unauthorized: Error parsing key authorization file: Invalid key authorization: 1 parts

The community post, Manual Method: Invalid key authorization: 1 parts suggests a typo, but I doubt this is the case here.

In trying to tackle this, I'm left wondering what went wrong. Maybe a few more log lines showing what challenge we store would be helpful?

joallard avatar Jan 15 '16 19:01 joallard

From reading the code, the challenge won't get stored if there's a output_cert_dir key present in config. Closing in favor of #14 since that's a documentation issue.

joallard avatar Jan 15 '16 19:01 joallard

Actually I just got this in production without the key present. There's really few actionable information in the log.

joallard avatar Jan 15 '16 19:01 joallard

Wait. It works only after I run it a second time. Weird.

joallard avatar Jan 15 '16 19:01 joallard

I wonder if running heroku run touch tmp/restart.txt will help before running heroku run rake letsencrypt_plugin would help?

lgromanowski avatar Jan 18 '16 21:01 lgromanowski

Hey joallard, I'm getting the same error that you were originally getting (Invalid key authorization: 1 parts). Any advice on how to get it to go away? Already tried running it twice:) Here's a step by step of what I've done:

  1. installed the gem
  2. updated the .yml file with my domain and email.
  3. mkdir key and challenges
  4. run rake letsencrypt_plugin:install:migrations and rake db:migrate
  5. openssl genrsa 4096 > key/keyfile.pem
  6. mkdir output_cert_dir
  7. updated rake routes
  8. touch tmp/restart.txt
  9. pushed all of this to heroku
  10. heroku run:detached rake letsencrypt_plugin:install:migrations and rake db:migrate
  11. heroku run:detached touch tmp/restart.txt
  12. heroku run:detached rake letsencrypt_plugin And that's where I'm getting the error.

From heroku logs, I can see that I'm getting close, but it looks like it's not rendering the cert.

2016-01-29T04:14:01.449954+00:00 heroku[router]: at=info method=GET path="/.well-known/acme-challenge/7vB-YpknloyD2XLnpm6pjKJR7vW7xGT5u4bUW6BXn4c" host=alpha.extrara.com request_id=d4958c14-01fe-4291-8903-0f7896a62e91 fwd="66.133.109.36" dyno=web.1 connect=1ms service=7ms status=200 bytes=376

2016-01-29T04:14:01.447803+00:00 app[web.1]: Processing by LetsencryptPlugin::ApplicationController#index as */* 2016-01-29T04:14:01.447818+00:00 app[web.1]: Parameters: {"challenge"=>"7vB-YpknloyD2XLnpm6pjKJR7vW7xGT5u4bUW6BXn4c"}

Error from letsencrypt_plugin: I, [2016-01-29T04:13:58.306854 #3] INFO -- : Trying to register at Let's Encrypt service... I, [2016-01-29T04:13:58.725828 #3] INFO -- : Already registered. I, [2016-01-29T04:13:58.725906 #3] INFO -- : Sending authorization request for: alpha.extrara.com... I, [2016-01-29T04:13:58.876560 #3] INFO -- : Storing challenge information... I, [2016-01-29T04:14:01.040737 #3] INFO -- : Waiting for challenge status... E, [2016-01-29T04:14:02.514946 #3] ERROR -- : Challenge verification failed! Error: urn:acme:error:unauthorized: Error parsing key authorization file: Invalid key authorization: 1 parts 2016-01-29T04:14:03.130136+00:00 heroku[run.4789]: State changed from up to complete 2016-01-29T04:14:03.113450+00:00 heroku[run.4789]: Process exited with status 0

jack-mcgrath avatar Jan 29 '16 04:01 jack-mcgrath

Also, I have noticed that the query SELECT * FROM letsencrypt_plugin_challenges returns no data. Is that an issue? The table is there, it just has no information stored.

jack-mcgrath avatar Jan 29 '16 05:01 jack-mcgrath

Hi, could you please check if opening your web page in a web browser or downloading it by wget after step 11) will help?

lgromanowski avatar Jan 29 '16 06:01 lgromanowski

Just tried that. No luck.

jack-mcgrath avatar Jan 29 '16 06:01 jack-mcgrath

@jack-mcgrath any updates with this?

lifeiscontent avatar Feb 11 '16 09:02 lifeiscontent

Nope, ended up doing the letsencrypt installation process manually.

jack-mcgrath avatar Feb 11 '16 14:02 jack-mcgrath

Anecdotally: upped to 0.0.8, ran the command to make a new cert, ran fine on first try

joallard avatar Apr 15 '16 23:04 joallard

I was working on this tonight and maybe I am not clear on something. When I generate openssl genrsa 4096 > key/keyfile.pem it is sounding like you want that checked into version control and pushed to heroku. Am I understanding that to be correct?

Ok, thought about this for a minute and may go this route. http://www.beardedhacker.com/blog/2014/10/20/load-private-key-to-heroku/

I didn't think I wanted a private key checked into version control, but the instructions were not clear on this for me.

memoht avatar Dec 06 '16 05:12 memoht