lgromanowski / acme-plugin

:lock_with_ink_pen: ACME protocol plugin for Ruby on Rails applications

Home Page: https://rubygems.org/gems/acme_plugin

License: MIT License

Ruby 90.21% JavaScript 0.95% CSS 1.09% HTML 7.75%
certificate ruby rails letsencrypt domain-certificate acme-protocol

acme-plugin

acme-plugin is a Ruby on Rails helper for retrieving SSL certificates from the Let's Encrypt service (without using sudo, which the original letsencrypt client requires). It uses the acme-client gem to communicate with the Let's Encrypt server.

Important note: As of version 0.0.3 of this gem, the dependency on SQLite has been removed. The gem can be used on Heroku: the certificates will be displayed on the console, after which please follow the SSL-Endpoint guide.

Installation

For detailed installation guide please visit Installation-guide wiki page.

Usage

Run the acme_plugin rake task:

$ rake acme_plugin

If everything was done correctly, then you should see output similar to the one below:

I, [2015-12-06T17:28:15.582308 #25931]  INFO -- : Loading private key...
I, [2015-12-06T17:28:15.582592 #25931]  INFO -- : Trying to register at Let's Encrypt service...
I, [2015-12-06T17:28:16.381682 #25931]  INFO -- : Already registered.
I, [2015-12-06T17:28:16.381749 #25931]  INFO -- : Sending authorization request...
I, [2015-12-06T17:28:16.646616 #25931]  INFO -- : Storing challenge information...
I, [2015-12-06T17:28:18.193827 #25931]  INFO -- : Waiting for challenge status...
I, [2015-12-06T17:28:21.643566 #25931]  INFO -- : Creating CSR...
I, [2015-12-06T17:28:22.173471 #25931]  INFO -- : Saving certificates and key...
I, [2015-12-06T17:28:22.174312 #25931]  INFO -- : Certificate has been generated.

In the output_cert_dir directory you should then have four files:

  • domain.name-cert.pem - Domain certificate
  • domain.name-chain.pem - Chained certificate
  • domain.name-fullchain.pem - Full chain of certificates
  • domain.name-key.pem - Domain certificate key

Or if running on Heroku (certificates content removed for brevity):

$ heroku run rake acme_plugin
Running rake acme_plugin on protected-headland-4855... up, run.8779
I, [2016-01-01T08:22:10.039679 #3]  INFO -- : Loading private key...
I, [2016-01-01T08:22:10.042417 #3]  INFO -- : Trying to register at Let's Encrypt service...
I, [2016-01-01T08:22:10.277835 #3]  INFO -- : Already registered.
I, [2016-01-01T08:22:10.277933 #3]  INFO -- : Sending authorization request...
I, [2016-01-01T08:22:10.427459 #3]  INFO -- : Storing challenge information...
I, [2016-01-01T08:22:12.848764 #3]  INFO -- : Waiting for challenge status...
I, [2016-01-01T08:22:14.173372 #3]  INFO -- : Creating CSR...
I, [2016-01-01T08:22:14.578974 #3]  INFO -- : You are running this script on Heroku, please copy-paste certificates to your local machine
I, [2016-01-01T08:22:14.579058 #3]  INFO -- : and then follow https://devcenter.heroku.com/articles/ssl-endpoint guide:
I, [2016-01-01T08:22:14.579122 #3]  INFO -- : ====== protected-headland-4855.herokuapp.com-cert.pem ======
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZ5iICQdUWZyZ+TlNo4imcwZMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
...

-----END CERTIFICATE-----
I, [2016-01-01T08:22:14.579329 #3]  INFO -- : ====== protected-headland-4855.herokuapp.com-key.pem ======
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAqZsY9b9SM7PBRJ7ERdYBo1xWOJFgZHdjd5KGV7rBoBM8jp13
E/HmYqG1BIFGlOyW6cUXuiA+Xa8ijvrnDWax1HaCFLv2S3OL2k8AOjzL6OpINAhm
...

-----END RSA PRIVATE KEY-----
I, [2016-01-01T08:22:14.579523 #3]  INFO -- : ====== protected-headland-4855.herokuapp.com-chain.pem ======
-----BEGIN CERTIFICATE-----
MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
...

-----END CERTIFICATE-----
I, [2016-01-01T08:22:14.579670 #3]  INFO -- : ====== protected-headland-4855.herokuapp.com-fullchain.pem ======
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZ5iICQdUWZyZ+TlNo4imcwZMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
...
-----END CERTIFICATE-----
I, [2016-01-01T08:22:14.579963 #3]  INFO -- : Certificate has been generated.

Bugs, issues, feature requests?

If you encounter a bug or an issue, or you have a feature request, please submit it in the issue tracker.

License

Copyright 2015-2018 Lukasz Gromanowski <[email protected]>

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

acme-plugin's People

Contributors

halo, iainbryson, jasper-lyons, jphenow, lazylester, lgromanowski, mathieujobin, sunama

acme-plugin's Issues

Allow editing the Wiki

1. Expected behavior

If I encounter undocumented problems and solutions, I want to be able to add them to the Wiki.

2. Actual behavior

Wiki pages cannot be edited.

3. Steps to reproduce issue

Go to Wiki and look for edit button. None ;(

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

Doesn't matter, lol... Except that I use Rails 4.x maybe.

Issues

There's little risk in letting people edit the Wiki:

  1. Removed content can be restored (by cloning the wiki branch and reverting).
  2. Anyone making changes is in the commit history - if someone tries something nasty, you can report them to GitHub staff anyway.
  3. Most people using this project are mostly experts with very useful tips - so any mistakes will be spotted quickly and fixed.
  4. It doesn't make sense to have issues opened for Wiki entries
  5. You can always add disclaimers about the Wiki, etc.
  6. People have different setups - and they can add special pages for them anyway.

File storage fails on Heroku: Errno::ENOENT (No such file or directory @ rb_sysopen - /app/challenge/challenge)

1. Expected behavior

It just works.

2. Actual behavior

Does not store challenge.

Heroku error:

app[web.1]: Errno::ENOENT (No such file or directory @ rb_sysopen - /app/challenge/challenge):
app[web.1]:   vendor/bundle/ruby/2.3.0/gems/letsencrypt_plugin-0.0.8/app/models/letsencrypt_plugin/challenge.rb:13:in `read'
app[web.1]:   vendor/bundle/ruby/2.3.0/gems/letsencrypt_plugin-0.0.8/app/models/letsencrypt_plugin/challenge.rb:13:in `initialize'
app[web.1]:   vendor/bundle/ruby/2.3.0/gems/letsencrypt_plugin-0.0.8/app/controllers/letsencrypt_plugin/application_controller.rb:20:in `new'
app[web.1]:   vendor/bundle/ruby/2.3.0/gems/letsencrypt_plugin-0.0.8/app/controllers/letsencrypt_plugin/application_controller.rb:20:in `challenge_response'

No challenge file was created:

$ heroku run find /app/challenge/
Running find /app/challenge/ on foobar... up, run.1972
/app/challenge/
/app/challenge/.keep

(.keep was created by me)

3. Steps to reproduce issue

  1. Add empty challenge directory.
  2. Run heroku run rake letsencrypt_plugin
  3. Logs say that challenge is stored, but ...
  4. ... no challenge file on remote server

This is because creating files silently fails on Heroku (it's a read-only filesystem). The workaround would be to e.g. set challenge_dir_name to something writable like 'tmp/challenge' instead, or fail with a better error (saying that the challenge should be generated locally and added to git).

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

Relevant part of config:

# (...)
challenge_dir_name: 'challenge'
# (...)

ERROR -- : Challenge verification failed! Error: urn:acme:error:connection: Could not connect to <PARTICULAR_DOMAIN>

Hi all,

I am trying out letsencrypt-plugin for Rails and I ran into some trouble getting things set up by following the instructions in the README. Any help would be appreciated.

1. Expected behavior

According to the instructions in the README, I should get the following result after running $ rake letsencrypt_plugin

I, [...]  INFO -- : Loading private key...
I, [...]  INFO -- : Trying to register at Let's Encrypt service...
I, [...]  INFO -- : Already registered.
I, [...]  INFO -- : Sending authorization request...
I, [...]  INFO -- : Storing challenge information...
I, [...]  INFO -- : Waiting for challenge status...
I, [...]  INFO -- : Creating CSR...
I, [...]  INFO -- : Saving certificates and key...
I, [...]  INFO -- : Certificate has been generated.

2. Actual behavior

Note that in the output below, I have replaced the domain I am actually dealing with with <PARTICULAR_DOMAIN>

I, [...]  INFO -- : Trying to register at Let's Encrypt service...
I, [...]  INFO -- : Loading private key...
I, [...]  INFO -- : Acme::Client::Error::Malformed - Registration key is already in use
I, [...]  INFO -- : Already registered.
I, [...]  INFO -- : Sending authorization request for: <PARTICULAR_DOMAIN>...
I, [...]  INFO -- : Storing challenge information...
I, [...]  INFO -- : Waiting for challenge status...
E, [...] ERROR -- : Challenge verification failed! Error: urn:acme:error:connection: Could not connect to <PARTICULAR_DOMAIN>

3. Steps to reproduce issue

N/A

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

RoR versions: Rails 5.0.1, ruby 2.3.3p222 in rvm 1.28.0.

5. Other references

My site is on CloudFlare, and I am thinking that this error is actually due to using CloudFlare, as a similar question has been asked on the Let's Encrypt forum as well.
However, the discussions are based on certbot-auto, and I have no clue how I can apply the technique to letsencrypt-plugin here.

Please let me know if there's any workaround to get this working. Thanks in advance!

letsencrypt-plugin v0.0.8 doesn't work with Rails 5 :(

I'm using Ruby 2.3.1 and Rails 5.0.0. When I include the gem in my Gemfile (gem 'letsencrypt_plugin', '~> 0.0.8'), version 0.0.8 of the gem is fetched, but I get an error saying that it depends on Rails 4.2.5. Even though the gem's gemspec file defines the dependency as Rails 5.1 max, on rubygems the dependency still seems to be 4.2.5.

I hope you can check that.

Cheers!

Faraday::ConnectionFailed: An existing connection was forcibly closed by the remote host.

2. Actual behavior

I, [2018-02-15T11:50:48.535695 #6576] INFO -- : Storing challenge information...
I, [2018-02-15T11:50:51.350856 #6576] INFO -- : Waiting for challenge status...
rake aborted!
Faraday::ConnectionFailed: An existing connection was forcibly closed by the remote host.
Caused by:
Errno::ECONNRESET: An existing connection was forcibly closed by the remote host.

3. Steps to reproduce issue

Followed the installation steps to the T

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

ruby 2.3.3p222 (2016-11-21 revision 56859) [i386-mingw32]
Rails 5.0.6
OS: Windows 7

Storing challenge response in the filesystem.

Hi,

For those of us using MongoDB (i.e. a non-ActiveRecord DB), the current method of challenge response doesn't work.

Can you introduce a mode to simply store the response in the filesystem instead? There's no real advantage to hosting this data in the DB -- it won't be accessed or changed often, there's no need for concurrent read/write, etc...

I can do the work if you'd like.

Heroku: Acme::Client::Error::Malformed: Invalid character in DNS name

Please use markdown formatting for code, configuration or console output.

1. Expected behavior

I finished the steps in the installation guide. I'm now trying to run heroku run rake letsencrypt_plugin

2. Actual behavior

I get an error that says:

rake aborted!
Acme::Client::Error::Malformed: Invalid character in DNS name

3. Steps to reproduce issue

I can't find anyone with a similar error, except those using the Heroku version of another Let's Encrypt gem, who at the time had an issue because multiple domains were not supported by that gem.

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

Rails 5, Ruby 2.3.1, I have this gem in my gemfile

Installation instructions: how to create symlinks between multiple domains/subdomains

I'm trying to understand Part 2a of the installation instructions.

It says: Please bear in mind that if you would like to generate certificate for multiple domains then you have to create symlinks between sub-domains and main domain www directory. For example:

What does it mean?

1. Expected behaviour

I expect to see an example of how to follow the steps described.

2. Actual behavior

I can see a diagram although I don't know what it represents or how I'm supposed to complete this step of the instructions.

3. Steps to reproduce issue

See step 2a of the installation instructions

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

Rails 5, Ruby 2.3.1, this gem is in the gem file

ruby 2.3?

Any reason why this can't run on ruby 2.3?

Can't install

I've created the YML file in config and created the keyfile.pem and certificates folders.

When I run rake letsencrypt_plugin:install:migrations, this is the output:

rake aborted!
SyntaxError: /Library/Ruby/Gems/2.0.0/gems/acme-client-0.2.4/lib/acme/client.rb:12: syntax error, unexpected ','
def initialize(private_key:, endpoint: DEFAULT_ENDPOINT, ...

Challenge verification failed! Error: urn:acme:error:unauthorized: Invalid response - We're sorry, but something went wrong (500)

Please use markdown formatting for code, configuration or console output.

1. Expected behaviour

I created a brand new Rails 5 app, using Heroku. The only things in this app are those created by following the plugin installation instructions.

I saw the comments in issue 14, and I'm unsure if step 5 should be ignored if you use heroku. I tried using it and I tried again after deleting that directory. The error message I get is the same in both cases.

2. Actual behavior

When I try heroku run rake letsencrypt_plugin, I get an error that says:

heroku run rake letsencrypt_plugin
Running rake letsencrypt_plugin on ⬢ ancient-octopus-78709... up, run.6780 (Hobby)
I, [2016-10-17T07:59:13.985385 #3] INFO -- : Trying to register at Let's Encrypt service...
I, [2016-10-17T07:59:13.985480 #3] INFO -- : Loading private key...
I, [2016-10-17T07:59:14.255357 #3] INFO -- : Acme::Client::Error::Malformed - Registration key is already in use
I, [2016-10-17T07:59:14.256579 #3] INFO -- : Already registered.
I, [2016-10-17T07:59:14.256646 #3] INFO -- : Sending authorization request for: www..com...
I, [2016-10-17T07:59:14.504527 #3] INFO -- : Storing challenge information...
I, [2016-10-17T07:59:16.688404 #3] INFO -- : Waiting for challenge status...
E, [2016-10-17T07:59:18.456415 #3] ERROR -- : Challenge verification failed! Error: urn:acme:error:unauthorized: Invalid response from http://www..com/.well-known/acme-challenge/eAniFLfG_3t5HrD6zbtppzWWYz1Ay76r0GaFHQ62GLI: "

<title>We're sorry, but something went wrong (500)</title>

All I've done is install the gem and follow the installation instructions.
I have deleted the directory I created in step 5 of the installation guide. It doesn't make any difference to the outcome.

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

Rails 5, Ruby 2.3.1 & this gem.

rails 5.2.3 got "no route error" on /.well-known

Please use markdown formatting for code, configuration or console output.

1. Expected behavior

2.6.1 :001 > r = Rails.application.routes
 => #<ActionDispatch::Routing::RouteSet:0x00005649b37e8a58>
2.6.1 :002 > r.recognize_path "/.well-known/acme-challenge/lyQnV4QydflZ6px3YqoaFQupRAOeew69SSMv27nBRkc"
 => {:controller=>"acme_plugin/application", :action=>"index", :challenge=>"lyQnV4QydflZ6px3YqoaFQupRAOeew69SSMv27nBRkc"}

2. Actual behavior

Loading production environment (Rails 5.2.3)
2.6.1 :001 > r = Rails.application.routes
 => #<ActionDispatch::Routing::RouteSet:0x00005637a8726a38>
2.6.1 :002 > r.recognize_path "/.well-known/acme-challenge/lyQnV4QydflZ6px3YqoaFQupRAOeew69SSMv27nBRkc"
Traceback (most recent call last):
        1: from (irb):2
ActionController::RoutingError (No route matches "/.well-known/acme-challenge/lyQnV4QydflZ6px3YqoaFQupRAOeew69SSMv27nBRkc")

3. Steps to reproduce issue

install gem rails 5.2.3

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

rails 5.2.3, ruby 2.6.1

downgrading to rails 5.2.0 solves problem

Acme::Client::Error::Malformed - Registration key is already in use

Please use markdown formatting for code, configuration or console output.

1. Expected behaviour

I've stepped away from this for a day, calmed down and am trying again.

When I went through the steps again (I found an issue telling me to mkdir key before generating the key) which seems to have solved part of my problem, but now when I try to run: heroku run rake letsencrypt_plugin, I expect to see the results as shown in the gem's read.

2. Actual behavior

Instead, I get:

Trying to register at Let's Encrypt service...
I, [2016-10-06T21:49:21.020022 #3] INFO -- : Loading private key...
I, [2016-10-06T21:49:21.340619 #3] INFO -- : Acme::Client::Error::Malformed - Registration key is already in use
I, [2016-10-06T21:49:21.340704 #3] INFO -- : Already registered.
I, [2016-10-06T21:49:21.340744 #3] INFO -- : Sending authorization request for: <%=...
rake aborted!
Acme::Client::Error::Malformed: Invalid character in DNS name

3. Steps to reproduce issue

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

Rails 5, Ruby 2.3.1 and this gem is in the gem file. I would love to figure this out. It's driving me crazy.

Please rename project

For trademark reasons we cannot allow ACME clients to use our service's name (Let's Encrypt) in their name. Among other things, it can introduce confusion as to whether the client comes from us or someone else. We recommend you use the term "ACME" instead, in reference to the protocol implemented by your client. The term "ACME" is better because there are no trademark issues and the protocol is not specific to our CA so your client should work with other ACME-enabled CAs in the future.

I know this can be a pain but thanks for understanding.

Heroku: Need to run the task twice

I've got the following log

$ heroku run rake letsencrypt_plugin -r staging
Running rake letsencrypt_plugin on app... up, run.7682
** [Honeybadger] Starting Honeybadger version 2.3.0 level=1 pid=3
I, [2016-01-15T18:43:43.461890 #3]  INFO -- : Loading private key...
I, [2016-01-15T18:43:43.462301 #3]  INFO -- : Trying to register at Let's Encrypt service...
I, [2016-01-15T18:43:43.806908 #3]  INFO -- : Already registered.
I, [2016-01-15T18:43:43.812663 #3]  INFO -- : Sending authorization request...
I, [2016-01-15T18:43:44.077606 #3]  INFO -- : Storing challenge information...
I, [2016-01-15T18:43:46.602691 #3]  INFO -- : Waiting for challenge status...
E, [2016-01-15T18:43:48.365466 #3] ERROR -- : Challenge verification failed! Error: urn:acme:error:unauthorized: Error parsing key authorization file: Invalid key authorization: 1 parts

The community post, Manual Method: Invalid key authorization: 1 parts suggests a typo, but I doubt this is the case here.

In trying to tackle this, I'm left wondering what went wrong. Maybe a few more log lines showing what challenge we store would be helpful?

undefined method `register_middleware'

Once I add the gem to my Gemfile I'm getting the following error from Faraday when trying to run the rails server, run generators, etc. Stack trace below, but I'm using Ruby 2.2.3 and Rails 4.2.5.

/Users/xxxx/.rvm/gems/ruby-2.2.3@proj_2015/gems/faraday-0.9.2/lib/faraday.rb:99:in `method_missing': undefined method `register_middleware' for #<Faraday::Connection:0x007f9deb6ae178> (NoMethodError)
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@proj_2015/gems/balanced-0.7.4/lib/balanced/client.rb:41:in `build_conn'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@proj_2015/gems/balanced-0.7.4/lib/balanced/client.rb:30:in `initialize'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@proj_2015/gems/balanced-0.7.4/lib/balanced.rb:29:in `new'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@proj_2015/gems/balanced-0.7.4/lib/balanced.rb:29:in `configure'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@proj_2015/gems/balanced-0.7.4/lib/balanced.rb:86:in `<module:Balanced>'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@proj_2015/gems/balanced-0.7.4/lib/balanced.rb:11:in `<top (required)>'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@global/gems/bundler-1.10.6/lib/bundler/runtime.rb:76:in `require'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@global/gems/bundler-1.10.6/lib/bundler/runtime.rb:76:in `block (2 levels) in require'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@global/gems/bundler-1.10.6/lib/bundler/runtime.rb:72:in `each'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@global/gems/bundler-1.10.6/lib/bundler/runtime.rb:72:in `block in require'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@global/gems/bundler-1.10.6/lib/bundler/runtime.rb:61:in `each'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@global/gems/bundler-1.10.6/lib/bundler/runtime.rb:61:in `require'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@global/gems/bundler-1.10.6/lib/bundler.rb:134:in `require'
  from /Users/xxxx/Dropbox/xxxx/DBL/dev/2013/2012_02_boab/proj_2013/config/application.rb:11:in `<top (required)>'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@proj_2015/gems/railties-4.2.5/lib/rails/commands/commands_tasks.rb:78:in `require'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@proj_2015/gems/railties-4.2.5/lib/rails/commands/commands_tasks.rb:78:in `block in server'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@proj_2015/gems/railties-4.2.5/lib/rails/commands/commands_tasks.rb:75:in `tap'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@proj_2015/gems/railties-4.2.5/lib/rails/commands/commands_tasks.rb:75:in `server'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@proj_2015/gems/railties-4.2.5/lib/rails/commands/commands_tasks.rb:39:in `run_command!'
  from /Users/xxxx/.rvm/gems/ruby-2.2.3@proj_2015/gems/railties-4.2.5/lib/rails/commands.rb:17:in `<top (required)>'
  from bin/rails:8:in `require'
  from bin/rails:8:in `<main>'

Error when running rake letsencrypt_plugin using joined array of outputs

When writing the letsencrypt_plugin.yml file it seems to not like the dynamically created array:

1. Expected behavior

Running rake letsencrypt_plugin outputs

I, [2016-09-24T08:49:40.761340 #4162]  INFO -- : Trying to register at Let's Encrypt service...
I, [2016-09-24T08:49:40.761411 #4162]  INFO -- : Loading private key...
I, [2016-09-24T08:49:41.796374 #4162]  INFO -- : Acme::Client::Error::Malformed - Registration key is already in use
I, [2016-09-24T08:49:41.796482 #4162]  INFO -- : Already registered.
(etc)

2. Actual behavior

Running rake letsencrypt_plugin outputs:

Psych::SyntaxError: (/Users/simon/src/openfarm/OpenFarm/config/letsencrypt_plugin.yml): did not find expected key while parsing a block mapping at line 2 column 3
/Users/simon/src/openfarm/OpenFarm/config/environment.rb:17:in `<top (required)>'
Tasks: TOP => letsencrypt_plugin => setup_logger => environment

3. Steps to reproduce issue

  1. Set config file to:
default: &default
  endpoint: 'https://acme-v01.api.letsencrypt.org/'
  email: '[email protected]'
  domain: '<%= ['openfarm.cc', 'www.openfarm.cc', 'blog.openfarm.cc'].join(' ') %>'

  # in Rails.root, path to private key
  private_key: 'key/keyfile.pem'

  # in Rails.root, path where certificates
  # will be stored (on Heroku this variable is ignored)
  output_cert_dir: 'certificates'

  # in Rails.root, path where challenge token
  # will be stored in case when DB will not be used
  challenge_dir_name: 'challenge'

production:
  <<: *default

development:
  <<: *default

test:
  <<: *default
  2. Set up directories as per the instructions.
  3. Run rake letsencrypt_plugin

Changing the domain to be: domain: 'openfarm.cc www.openfarm.cc blog.openfarm.cc'

gets past that first bump, though now I'm getting the error saying that I am getting an invalid response, and that's probably because I'm running the script on my local rather than on Heroku. Maybe that's the reason that the rake job fails?

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

source 'https://rubygems.org'

ruby '2.2.5'

gem 'bundler', '>= 1.7.0'

gem 'rails', '~> 4.2.0'

# Foundation
gem 'foundation-rails', '~> 5.4.5'
gem 'sass-rails', '~> 4.0.4'
gem 'compass-rails', '~> 2.0.0'
gem 'font-awesome-sass'
gem 'uglifier', '>= 1.3.0'
gem 'coffee-rails'
gem 'therubyracer', platforms: :ruby
gem 'jquery-rails'
gem 'bcrypt'
gem 'mongoid-paperclip', require: 'mongoid_paperclip'
gem 'mongoid-slug'
gem 'aws-sdk'
gem 'aws-sdk-rails'
gem 'mutations'
gem 'rack-attack'
gem 'impressionist'
gem 'rack-cors', require: 'rack/cors'
gem 'delayed_job_mongoid'
gem 'delayed_job_shallow_mongoid'
gem 'activejob_backport'
gem 'patron' # For searchKick
gem 'searchkick'
gem 'pundit'
gem 'eventmachine'
gem 'merit'
gem 'gibbon', '~> 1.1.5'
gem 'jsonapi-serializers', '~> 0.2.4'
gem 'mongoid-history'

gem 'utf8-cleaner'

gem 'bson_ext'
gem 'mongoid', '~>4.0.2'
gem 'active_model_serializers'

# LETS ENCRYPT!
gem 'letsencrypt_plugin'

# Asset management using bower
# https://rails-assets.org/
source 'https://rails-assets.org' do
  gem 'rails-assets-jquery', '~> 2.2.1'
  gem 'rails-assets-jquery-ui', '~> 1.11.4'
  gem 'rails-assets-angular', '~> 1.5.0'
  gem 'rails-assets-angular-dragdrop', '~> 1.0.13'
  gem 'rails-assets-angular-foundation', '~> 0.8.0'
  gem 'rails-assets-angular-ui-sortable', '~> 0.13.4'
  gem 'rails-assets-angular-local-storage', '~> 0.2.3'
  gem 'rails-assets-angular-typeahead', '~> 0.3.1'
end

group :development, :test do
  gem 'coveralls', require: false
  gem 'quiet_assets'
  gem 'better_errors'
  gem 'rspec-rails'
  gem 'pry'
  gem 'pry-nav'
  gem 'launchy'
  gem 'factory_girl_rails'
  gem 'faker'
end

group :test do
  gem 'test-unit'
  gem 'smarf_doc'
  gem 'capybara'
  gem 'capybara-angular'
  gem 'poltergeist'
  gem 'phantomjs', '>= 1.8.1', :require => 'phantomjs/poltergeist'
  gem 'simplecov'
  gem 'database_cleaner', '~> 1.3.0'
  gem 'vcr'
  gem 'webmock'
end

group :development do
  gem 'rubocop'
  gem "letter_opener"
end

group :production, :staging do
  gem 'thin'
  gem 'exception_notification'
  gem 'rails_12factor'
  # https://github.com/heroku/rack-timeout
  gem 'rack-timeout'
end

#Used for static pages in /app/views/pages
gem 'high_voltage'
gem 'devise', '~> 4.2.0'
gem 'rails_admin'
gem 'ng-rails-csrf'
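
Added example (not part of the issue and not the plugin's code): the Psych::SyntaxError reported above can be reproduced from the config text alone, because the single quotes inside the ERB expression end the single-quoted YAML scalar early. The Ruby sketch below parses a constructed config with and without an ERB pass and then checks the domain list before it would be sent to the CA; an unrendered `<%=` token is the value that appears in the "Invalid character in DNS name" log earlier on this page. load_config, invalid_domains and the example.com hosts are hypothetical names used for illustration.

```ruby
require 'erb'
require 'yaml'

# Constructed sample configs (not the reporter's real file). RAW_SINGLE mirrors
# the failing line: single quotes nested inside a single-quoted YAML scalar.
RAW_SINGLE = <<~'CFG'
  production:
    email: 'admin@example.com'
    domain: '<%= ['example.com', 'www.example.com'].join(' ') %>'
CFG

# Same ERB expression in a double-quoted scalar: valid YAML even if ERB never runs.
RAW_DOUBLE = <<~'CFG'
  production:
    email: 'admin@example.com'
    domain: "<%= ['example.com', 'www.example.com'].join(' ') %>"
CFG

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen; 1..63 chars.
LABEL = /\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z/i

# Parse config text, optionally rendering ERB first.
# Returns [config_hash, nil] on success or [nil, error_message] on a YAML syntax error.
def load_config(text, erb:)
  text = ERB.new(text).result if erb
  [YAML.safe_load(text), nil]
rescue Psych::SyntaxError => e
  [nil, e.message]
end

# Return the entries of a space-separated domain list that are not plain host names.
# Wildcards are reported too, since they are not plain host names.
def invalid_domains(domain_field)
  domain_field.to_s.split.reject do |name|
    labels = name.split('.', -1)
    name.length <= 253 && labels.size >= 2 && labels.all? { |l| l.match?(LABEL) }
  end
end

# Pre-flight check to run before requesting authorizations: returns a list of
# human-readable problems, empty when the config is usable.
def preflight(text, env:, erb:)
  config, error = load_config(text, erb: erb)
  return ["YAML syntax error: #{error}"] if error

  bad = invalid_domains(config.fetch(env, {})['domain'])
  bad.map { |name| "not a valid DNS name: #{name.inspect}" }
end
```

Running preflight on RAW_DOUBLE with erb: false reports the literal template fragments, which is the quickest way to tell an unrendered config from a genuinely bad host name.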

Rails - can't rake migrations in Step 3

Please use markdown formatting for code, configuration or console output.

1. Expected behavior

In step 3, I tried to rake db:migrate and expected the migrations to run.

2. Actual behavior

Psych::SyntaxError: (/Users/ooo/config/letsencrypt_plugin.yml): did not find expected key while parsing a block mapping at line 2 column 3

3. Steps to reproduce issue

So far, I have set up my config as shown in your readme - but I'm getting stuck at Step 3. I can't run the migrations.

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

Ruby v 2.3.1; Rails 5, gemfile includes this gem.

Certificate issues

I am trying to figure out how to use Let's Encrypt to add SSL to my Heroku app.

I have been struggling to figure this out for a few months - using this gem and other methods.

I can't currently render my page using my custom domain name.

1. Expected behaviour

When I try to check the application is serving your certificate by running:

openssl s_client -connect www.mycustomdomainname.com.herokudns.com:443 -servername www.mycustomdomainname.com

I get:

verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /CN=www.mycustomdomainname.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /CN=www.mycustomdomainname.com
verify error:num=21:unable to verify the first certificate
verify return:1

2. Actual behavior

openssl s_client -connect www.mycustomdomainname.com.herokudns.com:443 -servername www.mycustomdomainname.com
CONNECTED(00000003)
CONNECTED(00000003)
depth=0 /CN=www.mycustomdomainname.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /CN=www.mycustomdomainname.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /CN=www.mycustomdomainname.com
verify error:num=21:unable to verify the first certificate
verify return:1

I can then see:

Certificate chain
0 s:/CN=www.mycustomdomain.com

i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

Server certificate
-----BEGIN CERTIFICATE----- [which then is followed by the cert]

subject=/CN=www.mycustomdomainname.com

issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

No client certificate CA names sent

SSL handshake has read 1459 bytes and written 452 bytes

The last lines of the log read:

Verify return code: 21 (unable to verify the first certificate)

read:errno=0

3. Steps to reproduce issue

I followed the installation instructions as amended by last issue notes.

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

Rails 5, Ruby 2.3.1, this gem

Thanks so much for your help

Dynamic Multiple domains: *.example.com

My Rails site creates a dynamic sub-domain for every new client.
Is it possible to also dynamically add a sub-domain, or make it accept all (sub)domains without manually adding them to the Rails.root/config/letsencrypt_plugin.yml file?

1. Expected behavior

Enabling ALL sub-domains. Something like *.example.com.

2. Actual behavior

As written in 2a:
For every new (sub)domain add them separated by space to Rails.root/config/letsencrypt_plugin.yml
domain: example.com www.example.com other.example.com

Thank you

How to renew a cert ?

How to renew a cert, are there instructions? Or do it again as in the Usage instructions?

Rails

There are a handful of empty spots, like assets and the application template, that appear somewhat unnecessary. I would be happy to remove those, but that got me thinking: why don't we pull the scope of the gem into Let's Encrypt interactions? We could then either have a directory of integrations (starting with Rails) to wire it up to frameworks, or the framework integrations could be their own gem?

To me that clarifies testing, and widens the ability for this gem to help people.

Heroku - no IP address issue

Please use markdown formatting for code, configuration or console output.

1. Expected behaviour

When I run: rake letsencrypt_plugin, I expect the challenge files to pass.

2. Actual behavior

Challenge verification failed! Error: urn:acme:error:unknownHost: No valid IP addresses found

3. Steps to reproduce issue

I have a DNS registered with 123-reg and am using heroku for hosting. Heroku doesn't provide an IP address. I have no A records on my DNS. I have a CNAME only (pointing to the heroku alias for my domain).

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

Rails 5, Ruby 2.3.1, this gem is in the gem file

LetsencryptPlugin::ApplicationController#index renders an empty file

1. Expected behavior

Visiting /.well-known/acme-challenge/y7HlW6w374Fom8VDkic8mk9LqWXKotNVjNo7Wc1Lo1E renders a challenge token

2. Actual behavior

Visiting /.well-known/acme-challenge/y7HlW6w374Fom8VDkic8mk9LqWXKotNVjNo7Wc1Lo1E renders an empty string (status 200)

3. Steps to reproduce issue

Install letsencrypt-plugin per directions
Run rake letsencrypt-plugin
Receive Challenge verification failed! Error: urn:acme:error:unauthorized: Invalid response exception
Visit the URL letsencrypt's server tried to visit
Receive empty string

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

rails 5.0.0
ruby 2.3.0
letsencrypt_plugin 0.0.9
challenge_dir_name: ''

Challenge verification failed!

1. Expected behavior

I expect the challenge verification to succeed.

2. Actual behavior

Instead I get this error message:

ERROR -- : Challenge verification failed! Error: urn:acme:error:unauthorized: Invalid response from http://myapp.com/.well-known/acme-challenge/my_id 404

3. Steps to reproduce issue

I've followed the Getting Started instructions. This happens, I think, because Rails doesn't like dots at the base of the path.

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

source 'http://rubygems.org'
ruby '2.2.2'

gem 'rails', '4.2.6'

Undefined method 'private_key' for nil:NilClass

1. Expected behavior

I, [2015-12-06T17:28:15.582308 #25931] INFO -- : Loading private key...
I, [2015-12-06T17:28:15.582592 #25931] INFO -- : Trying to register at Let's Encrypt service...
I, [2015-12-06T17:28:16.381682 #25931] INFO -- : Already registered.
I, [2015-12-06T17:28:16.381749 #25931] INFO -- : Sending authorization request...
I, [2015-12-06T17:28:16.646616 #25931] INFO -- : Storing challenge information...
I, [2015-12-06T17:28:18.193827 #25931] INFO -- : Waiting for challenge status...
I, [2015-12-06T17:28:21.643566 #25931] INFO -- : Creating CSR...
I, [2015-12-06T17:28:22.173471 #25931] INFO -- : Saving certificates and key...
I, [2015-12-06T17:28:22.174312 #25931] INFO -- : Certificate has been generated.

2. Actual behavior

rake letsencrypt_plugin
I, [2018-02-14T16:01:35.519301 #10104] INFO -- : Trying to register at Let's Encrypt service...
I, [2018-02-14T16:01:35.674310 #10104] INFO -- : NoMethodError - undefined method `private_key' for nil:NilClass
Did you mean? private_methods. Already registered.
I, [2018-02-14T16:01:35.674310 #10104] INFO -- : Sending authorization request for: www.cryptosuffer.com...
rake aborted!
NoMethodError: undefined method `private_key' for nil:NilClass
Did you mean? private_methods
Tasks: TOP => letsencrypt_plugin
(See full trace by running task with --trace)

3. Steps to reproduce issue

"letsencrypt_plugin.yml
default: &default
  endpoint: 'https://acme-v01.api.letsencrypt.org/'
  email: '[email protected]'
  domain: "<%= ['www.mywebsite.com'].join(' ') %>"
  private_key: 'key/keyfile.pem'
  private_key_in_db: true
  output_cert_dir: 'certificates'
production:
  cert_name: 'production'
  <<: *default
development:
  cert_name: 'development'
  <<: *default
test:
  cert_name: 'test'
  <<: *default
keyfile.pem generated, rake db:migrate, tables present in database"

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

Ruby - ruby 2.3.3p222 (2016-11-21 revision 56859) [i386-mingw32]
Rails - Rails 5.0.6
Openssl - OpenSSL 1.1.0g 2 Nov 2017
OS - Windows 7

I'm writing a heroku application, wanting to test this local first before doing it on heroku.

Gemfile

source 'https://rubygems.org'
gem 'impressionist'
gem 'clockwork', '~> 1.2'
gem 'letsencrypt_plugin'
gem 'rufus-scheduler', '~> 3.2'
gem 'chart', '~> 0.1.4.9'
gem "font-awesome-rails"
gem 'json', '~> 1.8', '>= 1.8.3'
gem 'coinmarketcap'
gem 'certified', '~> 1.0'
gem 'foreman', '~> 0.84.0'
gem 'bootstrap-sass', '~> 3.3', '>= 3.3.7'
gem 'will_paginate', '~> 3.1.0'
gem 'acts_as_votable', '~> 0.10.0'
gem 'paperclip', '~> 4.3', '>= 4.3.6'
gem 'devise', '~> 4.2'
gem 'record_tag_helper', '~> 1.0'
gem 'simple_form', '~> 3.2', '>= 3.2.1'
gem 'coffee-script-source', '~> 1.8.0'
gem 'rails', '~> 5.0.0', '>= 5.0.0.1'
gem 'pg', '~> 0.18'
gem 'puma', '~> 3.0'
gem 'sass-rails', '~> 5.0'
gem 'uglifier', '>= 1.3.0'
gem 'coffee-rails', '~> 4.2'
gem 'jquery-rails'
gem 'turbolinks', '~> 5'
gem 'jbuilder', '~> 2.5'
group :development, :test do
  gem 'byebug', platform: :mri
end

group :development do
  gem 'web-console'
end

gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]

Allow gem to work with MongoDB on Heroku

I'm under the impression that this gem won't work with MongoDB on Heroku: #39 because Heroku is a read-only file system and this either requires the challenge directory or ActiveRecord?

Related because I can't create files on Heroku - (or unrelated, I'm not sure?) I can't figure out how to make the private key available on Heroku without checking it into the source code. I don't think checking it into the source code is the right way to go, but we're an open source app, so...

Domain + www subdomain - how to setup the symlinks?

I am putting changes live to a site which includes this plugin (v0.0.7) for the first time.

There are instructions in the wiki to "create symlinks between sub-domains and main domain www directory", which I don't understand.

1. Expected behavior

The certificate covers both newmarketscientific.com and www.newmarketscientific.com.

2. Actual behavior

https://newmarketscientific.com works fine, but https://www.newmarketscientific.com does not:-

"The owner of www.newmarketscientific.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

www.newmarketscientific.com uses an invalid security certificate. The certificate is only valid for newmarketscientific.com"

3. Steps to reproduce issue

Put my code live (inc required empty folders, etc)
run openssl genrsa 4096 > key/keyfile.pem
run rake letsencrypt_plugin
...which runs fine.

However, I don't understand what I need to do re the following instruction in the wiki under "2a. Multiple domains":-

Please bear in mind that if you would like to generate certificate for multiple domains than you have to create symlinks between sub-domains and main domain www directory. For example:

+---- /var/www 
            |
            + --- example.com
                  ^  ^
                  |  |
                  |  + --- other1.example.com
                  |
                  + --- other2.example.com

It is because challenge verification is handled by the domain where the letsencrypt_plugin script has been installed and run

This is my nginx configuration:-

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        passenger_enabled on;
        root /home/rails/nkts_git/public;

        passenger_app_env production;

        index index.html index.htm index.nginx-debian.html;

        server_name newmarketscientific.com;
        ssl_certificate     /home/rails/nkts_git/certificates/newmarketscientific.com-fullchain.pem;
        ssl_certificate_key /home/rails/nkts_git/certificates/newmarketscientific.com-key.pem;

        client_max_body_size 100m;
        client_body_timeout 300s;

}

4. Your configuration (ruby, rails version, your Gemfile and Gemfile.lock files etc.)

Ruby 2.1.7 via rbenv
Rails 4.2.5

My gemfile:-

source 'https://rubygems.org'

gem 'rake', '~> 10.4.2'
gem 'rails', '~> 4.2.5'
gem 'sass-rails', '~> 5.0.3'
gem 'coffee-rails', '~> 4.1.0'
gem 'uglifier', '~> 2.7.1' 
gem 'jquery-rails', '~> 3.1.3'
gem 'jquery-turbolinks', '~> 2.1.0'
gem 'turbolinks', '~> 2.5.3'
gem 'mysql2', '~> 0.3.19'
gem 'nokogiri', '~> 1.6.6.2'
gem 'paperclip', '~> 4.3.0'
gem 'devise', '~> 3.5.1'
gem 'ransack', '~> 1.6.6'
gem 'will_paginate', '~> 3.0.7'
gem 'i18n', '~> 0.7.0'
gem 'tinymce-rails', '~> 4.3.8'
gem 'posix-spawn', '~> 0.3.11'
gem 'letsencrypt_plugin', '~> 0.0.7'
gem 'audited-activerecord', '~> 4.0'

group :development do
  gem 'ruby-debug-ide'
  gem 'debase'
end

group :development, :test do
  gem 'web-console', '~> 2.0'
end

group :staging, :production do
  gem 'passenger', '~> 5.0.15'
  gem 'sentry-raven', :git => 'https://github.com/getsentry/raven-ruby.git'
end

Can you please help me understand what I need to do re the symlinks mentioned in the wiki.

Many thanks, Martin

Rails 5.1+

Is there a particular reason to not support Rails 5.1 which was released several weeks ago?

Whenever a new Rails version is released, I'm prevented from upgrading because of this.

Can we simply not define an upper end to the Rails version?

Renewal process?

Is there a renewal process for renewing certificates with this gem?

Rails 5

Several people are forking this gem to do just one thing: Change the rails dependency from ~> 4 to >= 4 so as to allow for Rails 5.

I see that there is an (outdated) rails5 branch. Is there any reason for not changing at least the Rails version dependency in master?

Install instructions

If I follow the installation steps, when I run rake letsencrypt_plugin:install:migrations, the environment is loaded, our initializer too and looks for the YML file. Maybe we should say to put the config file before running rake or even installing the gem.

Other comment,

$ openssl genrsa 4096 > key/keyfile.pem
bash: key/keyfile.pem: No such file or directory
$ mkdir key
$ openssl genrsa 4096 > key/keyfile.pem

A little mkdir hint wouldn't hurt ;)

Autorenew certificates every 60 days

As stated by Letsencrypt, they want clients to renew certs automatically, hence the purposefully inconvenient 3 month duration. Here's how to go about this gradually:

  • Make the script directly put the keys in place, whether in a folder or Heroku given proper rights
  • Make a process for the plugin to get keys and access the Heroku API to change keys
  • Figure out a cron job or something to do this automatically every 2 months

I'll try to tackle this according to my schedule.

[enhancement]

letsencrypt routes doesn't seem to be working

First of all, I love this project!
The issue that I'm having is that the /.well-known/acme-challenge/:challenge route is 404'ing.
When I run rake routes, the letsencrypt plugin engine route doesn't show up, could that mean anything?
My rake routes is exactly as specified:

Rails.application.routes.draw do
  mount LetsencryptPlugin::Engine, at: '/'
...
end

Here's the error from running the plugin.
E, [2016-01-28T01:57:04.004555 #49047] ERROR -- : Challenge verification failed! Error: urn:acme:error:unauthorized: Invalid response from http://[domainname.com]/.well-known/acme-challenge/WKLyr2JbtUaWBTrQ2Gsk97467rhwAoJEkY98YexNwGc [54.83.9.155]: 404

Any ideas would be appreciated!

Challenge verification failed! Error: urn:acme:error:unauthorized: Error parsing key authorization file: Invalid key authorization: 1 parts

I have a domain which is used for test websites - softapps-test1.uk. (Note, that's ".uk", not ".co.uk".)

I am using sub-domains for individual sites. I want to create a certificate for nkts.softapps-test1.uk which is Rails, so using letsencrypt_plugin.

I've followed the instructions at https://github.com/lgromanowski/letsencrypt-plugin/wiki/Installation-guide:-

  1. gem in the gemfile + bundle install
     • letsencrypt_plugin (0.0.7)
     • acme-client (0.2.4)
     • faraday (0.9.2)
     • json-jwt (1.5.2)

  2. config/letsencrypt_plugin.yml:-

    default: &default
      endpoint: 'https://acme-v01.api.letsencrypt.org/'

      # in Rails.root, path to private key
      private_key: 'key/keyfile.pem'

      # in Rails.root, path where certificates
      # will be stored (on Heroku this variable is ignored)
      output_cert_dir: 'certificates'

      # in Rails.root, path where challenge token
      # will be stored in case when DB will not be used
      challenge_dir_name: 'challenge'

    development:
      <<: *default

    test:
      <<: *default

    staging:
      email: '[email protected]'
      domain: 'nkts.softapps-test1.uk'
      <<: *default

    production:
      email: 'xxx'
      domain: 'xxx'
      <<: *default

  3. Initially I bypassed the migration step, because I wanted the challenge to go into the filesystem and not use a table.

Seems like this doesn't actually work???

Anyway, have now created the migration and db:migrated on the server (see logs below).

  4. created private key

  5. created key & certificates folders, and confirmed that challenge folder does not exist

  6. made the changes to routes.rb. Output from Rake routes:-
    Routes for LetsencryptPlugin::Engine:
    GET /.well-known/acme-challenge/:challenge(.:format) letsencrypt_plugin/application#index

  7. restarted server

However, the setup process fails:-

rake letsencrypt_plugin
I, [2016-02-20T06:00:34.896832 #24673] INFO -- : Loading private key...
I, [2016-02-20T06:00:34.898121 #24673] INFO -- : Trying to register at Let's Encrypt service...
I, [2016-02-20T06:00:35.408271 #24673] INFO -- : Already registered.
I, [2016-02-20T06:00:35.408564 #24673] INFO -- : Sending authorization request for: nkts.softapps-test1.uk...
I, [2016-02-20T06:00:35.731391 #24673] INFO -- : Storing challenge information...
I, [2016-02-20T06:00:38.129574 #24673] INFO -- : Waiting for challenge status...
E, [2016-02-20T06:00:39.894567 #24673] ERROR -- : Challenge verification failed! Error: urn:acme:error:unauthorized: Error parsing key authorization file: Invalid key authorization: 1 parts

AFAICT, NGINX is responding correctly to the requests:-
66.133.109.36 - - [20/Feb/2016:06:00:38 -0500] "GET /.well-known/acme-challenge/2fHlxgnhwBwSpQsnEVY-ZzF5O5eKuVaeHgCyK4onYoE HTTP/1.1" 200 5 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
80.189.71.195 - - [20/Feb/2016:06:10:36 -0500] "GET /.well-known/acme-challenge/2fHlxgnhwBwSpQsnEVY-ZzF5O5eKuVaeHgCyK4onYoE HTTP/1.1" 200 5 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:44.0) Gecko/20100101 Firefox/44.0"
66.133.109.36 - - [20/Feb/2016:06:21:20 -0500] "GET /.well-known/acme-challenge/jVDyDF02-3VB4x1igsLGi2n7sWE-iRs287YRiJkzdbw HTTP/1.1" 200 5 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

Rails is processing the request, and I can see the row in letsencrypt_plugin_challenges table after the request has run:-

I, [2016-02-20T06:21:16.615921 #25218] INFO -- : ** [Raven] Raven 0.15.5 configured not to send errors.
I, [2016-02-20T06:21:16.786728 #25218] INFO -- : ** [Raven] Raven 0.15.5 configured not to send errors.
D, [2016-02-20T06:21:17.671430 #25218] DEBUG -- : LetsencryptPlugin::Challenge Load (0.8ms) SELECT letsencrypt_plugin_challenges.* FROM letsencrypt_plugin_challenges ORDER BY letsencrypt_plugin_challenges.id ASC LIMIT 1
D, [2016-02-20T06:21:17.682295 #25218] DEBUG -- : (0.1ms) BEGIN
D, [2016-02-20T06:21:17.696225 #25218] DEBUG -- : SQL (7.0ms) UPDATE letsencrypt_plugin_challenges SET response = 'jVDyDF02-3VB4x1igsLGi2n7sWE-iRs287YRiJkzdbw.[10 chars here]_[32 chars here]', updated_at = '2016-02-20 11:21:17' WHERE letsencrypt_plugin_challenges.id = 1
D, [2016-02-20T06:21:17.700327 #25218] DEBUG -- : (3.0ms) COMMIT
I, [2016-02-20T06:21:20.431737 #2101] INFO -- : Started GET "/.well-known/acme-challenge/jVDyDF02-3VB4x1igsLGi2n7sWE-iRs287YRiJkzdbw" for 66.133.109.36 at 2016-02-20 06:21:20 -0500
I, [2016-02-20T06:21:20.436289 #2101] INFO -- : Processing by LetsencryptPlugin::ApplicationController#index as /
I, [2016-02-20T06:21:20.436361 #2101] INFO -- : Parameters: {"challenge"=>"jVDyDF02-3VB4x1igsLGi2n7sWE-iRs287YRiJkzdbw"}
I, [2016-02-20T06:21:20.438905 #2101] INFO -- : Rendered text template (0.0ms)
I, [2016-02-20T06:21:20.439240 #2101] INFO -- : Completed 200 OK in 3ms (Views: 0.8ms | ActiveRecord: 0.0ms)

NB I've edited the UPDATE of the response onto the table

In case it's relevant, this is my apps .conf file under nginx:-
server {
        listen 80 default_server;
        listen [::]:80 default_server;
        passenger_enabled on;
        root /home/rails/git/public;
        passenger_app_env staging;
        index index.html index.htm index.nginx-debian.html;
        server_name nkts.softapps-test1.uk;
        client_max_body_size 100m;
        client_body_timeout 300s;
}

Would appreciate any help to work out why this isn't working.

Many thanks, Martin
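
Added example, not part of the original issue or the plugin's code: an http-01 challenge URL has to return the key authorization `token.thumbprint` (RFC 8555, section 8.1), so a body without a dot, such as the 5-byte responses in the nginx log above, splits into one part instead of two. The Ruby code below computes the expected value from an RSA account key and reports why a served body would be rejected; `check_challenge_body`, the generated key and the sample bodies are hypothetical and constructed for illustration.

```ruby
require 'openssl'
require 'json'

# base64url without padding, the encoding ACME and JWK use.
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# RFC 7638 thumbprint of an RSA account key: SHA-256 over a JSON object that
# holds only e, kty and n, with keys in lexicographic order and no whitespace.
def jwk_thumbprint(rsa_key)
  jwk = {
    'e'   => b64url(rsa_key.e.to_s(2)), # to_s(2): big-endian bytes
    'kty' => 'RSA',
    'n'   => b64url(rsa_key.n.to_s(2))
  }
  b64url(OpenSSL::Digest.new('SHA256').digest(JSON.generate(jwk)))
end

# The body an http-01 challenge URL has to return (RFC 8555, section 8.1).
def key_authorization(token, rsa_key)
  "#{token}.#{jwk_thumbprint(rsa_key)}"
end

# Hypothetical helper: lists what is wrong with a served challenge body.
# An empty list means the body is the expected key authorization.
def check_challenge_body(body, token, rsa_key)
  body = body.to_s.rstrip # ignore trailing whitespace such as a final newline
  return ['empty body'] if body.empty?

  parts = body.split('.', -1)
  unless parts.length == 2
    return ["#{parts.length} parts, expected 2 (token.thumbprint)"]
  end

  problems = []
  problems << 'token does not match the requested URL' unless parts[0] == token
  unless parts[1] == jwk_thumbprint(rsa_key)
    problems << 'thumbprint does not match the account key'
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  account_key = OpenSSL::PKey::RSA.new(2048) # constructed key, demo only
  token = 'jVDyDF02-3VB4x1igsLGi2n7sWE-iRs287YRiJkzdbw' # token from the log above
  samples = {
    'correct body'            => key_authorization(token, account_key),
    'constructed 5-byte body' => 'abcde',
    'empty body'              => ''
  }
  samples.each do |label, body|
    problems = check_challenge_body(body, token, account_key)
    puts "#{label}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
end
```

Running the check against the body actually served at the challenge URL, with the key from `key/keyfile.pem`, separates a routing or rendering problem (wrong part count, empty body) from a key mismatch.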

uninitialized constant OpenSSL::PKey::EC

On Mac OS X using jruby 9.0.5.0 I get the error "uninitialized constant OpenSSL::PKey::EC" when I run
$ rake letsencrypt_plugin
If anyone wants to duplicate issue follow the installation instructions except in the gemfile use:
gem 'letsencrypt_plugin', :git => "https://github.com/lgromanowski/letsencrypt-plugin.git"
Because jRuby is comparable to ruby 2.2.0

how to encrypt two domains at the same time?

For example, mydomain.com and www.mydomain.com

When using the letsencrypt command, -d should be used twice.

./letsencrypt-auto certonly --webroot -w /var/www/default -d mydomain.net -d www.mydomain.net

Added new config option 'cert_name'

Hi @lgromanowski,

thank you very much for this great gem.

I forked it and added a new configuration key 'cert_name' and adopted the wiki.

  • If this key isn't set, the first entry in 'domain' is used as the key name, as usual.
  • If it is set, its value will be used for the key names.

I think this could be very helpful, because we can set the key name independently from the domains, which could change when saved in db.

I don't have tests for this right now, it's just tested on our staging servers.

Will you be happy with a merge request?

commit: https://github.com/FloHeinle/letsencrypt-plugin/commit/2d2528c941c16997d2d7b526e16872a9512abc87

wiki: https://github.com/FloHeinle/letsencrypt-plugin/wiki
