Heroku: Need to run the task twice #15

Open
joallard opened this issue Jan 15, 2016 · 12 comments

@joallard

I've got the following log

$ heroku run rake letsencrypt_plugin -r staging
Running rake letsencrypt_plugin on app... up, run.7682
** [Honeybadger] Starting Honeybadger version 2.3.0 level=1 pid=3
I, [2016-01-15T18:43:43.461890 #3]  INFO -- : Loading private key...
I, [2016-01-15T18:43:43.462301 #3]  INFO -- : Trying to register at Let's Encrypt service...
I, [2016-01-15T18:43:43.806908 #3]  INFO -- : Already registered.
I, [2016-01-15T18:43:43.812663 #3]  INFO -- : Sending authorization request...
I, [2016-01-15T18:43:44.077606 #3]  INFO -- : Storing challenge information...
I, [2016-01-15T18:43:46.602691 #3]  INFO -- : Waiting for challenge status...
E, [2016-01-15T18:43:48.365466 #3] ERROR -- : Challenge verification failed! Error: urn:acme:error:unauthorized: Error parsing key authorization file: Invalid key authorization: 1 parts

The community post, "Manual Method: Invalid key authorization: 1 parts", suggests a typo, but I doubt this is the case here.

In trying to tackle this, I'm left wondering what went wrong. Maybe a few more log lines showing what challenge we store would be helpful?

@joallard
Author

From reading the code, the challenge won't get stored if there's an output_cert_dir key present in config. Closing in favor of #14 since that's a documentation issue.

@joallard
Author

Actually I just got this in production without the key present. There's really little actionable information in the log.

@joallard
Author

Wait. It works only after I run it a second time. Weird.

joallard changed the title from "Invalid key authorization: 1 parts" to "Heroku: Need to run the task twice" on Jan 15, 2016
@lgromanowski
Owner

I wonder if running heroku run touch tmp/restart.txt before running heroku run rake letsencrypt_plugin would help?

@jack-mcgrath

Hey joallard, I'm getting the same error that you were originally getting (Invalid key authorization: 1 parts). Any advice on how to get it to go away? Already tried running it twice :)
Here's a step by step of what I've done:

  1. installed the gem
  2. updated the .yml file with my domain and email.
  3. mkdir key and challenges
  4. run rake letsencrypt_plugin:install:migrations and rake db:migrate
  5. openssl genrsa 4096 > key/keyfile.pem
  6. mkdir output_cert_dir
  7. updated rake routes
  8. touch tmp/restart.txt
  9. pushed all of this to heroku
  10. heroku run:detached rake letsencrypt_plugin:install:migrations and rake db:migrate
  11. heroku run:detached touch tmp/restart.txt
  12. heroku run:detached rake letsencrypt_plugin
    And that's where I'm getting the error.

From heroku logs, I can see that I'm getting close, but it looks like it's not rendering the cert.

2016-01-29T04:14:01.449954+00:00 heroku[router]: at=info method=GET path="/.well-known/acme-challenge/7vB-YpknloyD2XLnpm6pjKJR7vW7xGT5u4bUW6BXn4c" host=alpha.extrara.com request_id=d4958c14-01fe-4291-8903-0f7896a62e91 fwd="66.133.109.36" dyno=web.1 connect=1ms service=7ms status=200 bytes=376

2016-01-29T04:14:01.447803+00:00 app[web.1]: Processing by LetsencryptPlugin::ApplicationController#index as */*
2016-01-29T04:14:01.447818+00:00 app[web.1]: Parameters: {"challenge"=>"7vB-YpknloyD2XLnpm6pjKJR7vW7xGT5u4bUW6BXn4c"}

Error from letsencrypt_plugin:
I, [2016-01-29T04:13:58.306854 #3] INFO -- : Trying to register at Let's Encrypt service...
I, [2016-01-29T04:13:58.725828 #3] INFO -- : Already registered.
I, [2016-01-29T04:13:58.725906 #3] INFO -- : Sending authorization request for: alpha.extrara.com...
I, [2016-01-29T04:13:58.876560 #3] INFO -- : Storing challenge information...
I, [2016-01-29T04:14:01.040737 #3] INFO -- : Waiting for challenge status...
E, [2016-01-29T04:14:02.514946 #3] ERROR -- : Challenge verification failed! Error: urn:acme:error:unauthorized: Error parsing key authorization file: Invalid key authorization: 1 parts
2016-01-29T04:14:03.130136+00:00 heroku[run.4789]: State changed from up to complete
2016-01-29T04:14:03.113450+00:00 heroku[run.4789]: Process exited with status 0
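
An added diagnostic example, not part of the thread and not the plugin's own code: the ACME key authorization served at the challenge URL is the token, a dot, and the base64url JWK thumbprint (RFC 7638) of the account key, so a body with no dot produces the "1 parts" error logged above. The function names are hypothetical, the key is a throwaway generated in place of key/keyfile.pem, and the response bodies are constructed.

```ruby
require 'openssl'
require 'base64'
require 'digest'
require 'json'

# Token taken from the router log line quoted in the thread.
TOKEN = '7vB-YpknloyD2XLnpm6pjKJR7vW7xGT5u4bUW6BXn4c'
# Throwaway key generated for this example; stands in for key/keyfile.pem.
SAMPLE_KEY = OpenSSL::PKey::RSA.new(2048)

# Unpadded base64url, the encoding ACME uses throughout.
def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# RFC 7638 thumbprint: SHA-256 over the JWK's required members,
# serialized in lexicographic order with no whitespace.
def jwk_thumbprint(rsa)
  jwk = { 'e' => b64url(rsa.e.to_s(2)), 'kty' => 'RSA', 'n' => b64url(rsa.n.to_s(2)) }
  b64url(Digest::SHA256.digest(JSON.generate(jwk)))
end

# What the challenge URL is expected to return for this token and account key.
def key_authorization(token, rsa)
  "#{token}.#{jwk_thumbprint(rsa)}"
end

# Mirror the "N parts" wording of the error in the thread: split on '.',
# then compare each part with the expected value.
def check_key_authorization(body, token, rsa)
  parts = body.strip.split('.', -1)
  return [:invalid, "#{parts.length} parts, expected 2"] unless parts.length == 2
  return [:invalid, 'token mismatch'] unless parts[0] == token
  return [:invalid, 'thumbprint mismatch'] unless parts[1] == jwk_thumbprint(rsa)
  [:ok, nil]
end

# Constructed response bodies (not captured from the app in the thread).
samples = {
  'expected body'     => key_authorization(TOKEN, SAMPLE_KEY),
  'placeholder page'  => '<html>challenge not stored</html>',
  'wrong account key' => "#{TOKEN}.#{'A' * 43}"
}
samples.each do |label, body|
  status, reason = check_key_authorization(body, TOKEN, SAMPLE_KEY)
  puts "#{label}: #{status} #{reason}"
end
```

To use it against a real deployment, fetch the body of /.well-known/acme-challenge/<token> yourself and pass it in together with the account key loaded from its PEM file.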

@jack-mcgrath

Also, I have noticed that the query
SELECT * FROM letsencrypt_plugin_challenges
returns no data. Is that an issue? The table is there, it just has no information stored.

@lgromanowski
Owner

Hi,
could you please check if opening your web page in a web browser or downloading it by wget after step 11) will help?

@jack-mcgrath

Just tried that. No luck.

@lifeiscontent

@jack-mcgrath any updates with this?

@jack-mcgrath

Nope, ended up doing the letsencrypt installation process manually.

@joallard
Author

Anecdotally: upped to 0.0.8, ran the command to make a new cert, ran fine on first try

@memoht

memoht commented Dec 6, 2016

I was working on this tonight and maybe I am not clear on something. When I generate openssl genrsa 4096 > key/keyfile.pem it is sounding like you want that checked into version control and pushed to heroku. Am I understanding that to be correct?

Ok, thought about this for a minute and may go this route. http://www.beardedhacker.com/blog/2014/10/20/load-private-key-to-heroku/

I didn't think I wanted a private key checked into version control, but the instructions were not clear on this for me.
