Wildcard domains on Heroku break renewal without an ACME_DOMAIN variable #39

Open
jalada opened this issue Feb 23, 2017 · 11 comments · May be fixed by #45
Collaborator

jalada commented Feb 23, 2017

$ heroku domains
=== my-app Custom Domains
Domain Name                                       DNS Target
────────────────────────────────────────────────  ──────────────────────────────────────────────────────────────
*.my-app.co.uk                            wildcard.my-app.co.uk.herokudns.com
www.my-app.co.uk                          www.my-app.co.uk.herokudns.com

$ heroku run rake letsencrypt:renew
Running rake letsencrypt:renew on ⬢ my-app... up, run.5599 (Hobby)
Creating account key...Done!
Registering with LetsEncrypt...Done!
Using 5 configured Heroku domain(s) for this app...
Performing verification for *.my-app.co.uk:
rake aborted!
Acme::Client::Error::Malformed: Invalid character in DNS name

Workaround is to continue to set the ACME_DOMAIN variable.

@jalada jalada added the bug label Feb 23, 2017
Collaborator Author

jalada commented Feb 23, 2017

Also breaks the 'live' check, where the code picks the first domain from the heroku.domains call, which could be a wildcard.

kaspernj commented Feb 28, 2017

I also ran into this problem. A possible solution to this could be to fix this line to select a hostname that isn't a wildcard instead of the first one?

https://github.com/pixielabs/letsencrypt-rails-heroku/blob/master/lib/tasks/letsencrypt.rake#L56

Collaborator Author

jalada commented Feb 28, 2017

@kaspernj yup, you're absolutely right! :)

@kaspernj

@jalada Would you like me to submit a PR or would you prefer to do it yourself? :-)

Collaborator Author

jalada commented Feb 28, 2017

@kaspernj PRs are always welcome ⭐

@kaspernj kaspernj linked a pull request Feb 28, 2017 that will close this issue
@kaspernj

@jalada Done :-)

mrdomino commented Mar 4, 2017

Afaict #45 doesn't resolve this since Let's Encrypt doesn't support wildcard certs. Maybe it'd be good to have a default behavior of filtering the list of domains for non-wildcard domains?

kaspernj commented Mar 5, 2017

@mrdomino It fixed the problem for me.

I had a configuration with several configured normal domains and a wildcard domain (like in the example in this issue). For some reason the wildcard domain was always chosen by letsencrypt-rails-heroku to make the connection test against.

Since the wildcard domain isn't a valid hostname the lookup failed and my certificate wasn't installed correctly.

After using the fix in #45 it worked correctly for me.

mrdomino commented Mar 5, 2017

Interesting. What domains does the resulting cert say it supports?

kaspernj commented Mar 5, 2017

@mrdomino All the ones defined in ACME_DOMAIN. The only difference the change makes is that instead of taking the first domain in the configured domains on the Heroku app (not ACME_DOMAIN), it takes one of the configured domains that isn't a wildcard domain.

Original code to choose domain:
https://github.com/pixielabs/letsencrypt-rails-heroku/pull/45/files#diff-5afd887c0f3237cdd9f1f479de04e71cL56

New code to choose domain that isn't a wildcard:
https://github.com/pixielabs/letsencrypt-rails-heroku/pull/45/files#diff-5afd887c0f3237cdd9f1f479de04e71cR62
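
The domain selection discussed in this thread, as an added example that is not part of any comment above and is not the gem's own code: it drops wildcard and otherwise malformed names from a Heroku-style domain list before verification and picks a non-wildcard hostname for the live check. The `'hostname'` key, the function names and the sample records are assumptions constructed for illustration.

```ruby
# Added example, not letsencrypt-rails-heroku code. The 'hostname' key and
# the sample records below are constructed for illustration.

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/

def wildcard?(hostname)
  hostname.start_with?('*.')
end

def valid_hostname?(hostname)
  return false if hostname.empty? || hostname.length > 253
  labels = hostname.split('.', -1)
  labels.length >= 2 && labels.all? { |label| label.match?(LABEL) }
end

# Lower-case, trim, and drop a trailing root dot so duplicates collapse.
def normalize(hostname)
  hostname.to_s.strip.downcase.chomp('.')
end

# Returns the names to verify, the name to use for the live check, and the
# names that were skipped (wildcards first, then malformed entries).
def plan_verification(domains)
  hostnames = domains.map { |d| normalize(d['hostname']) }.uniq
  wildcards, rest = hostnames.partition { |h| wildcard?(h) }
  verify, invalid = rest.partition { |h| valid_hostname?(h) }
  raise ArgumentError, 'no verifiable hostname configured' if verify.empty?
  { verify: verify, live_check: verify.first, skipped: wildcards + invalid }
end

# Constructed sample: the wildcard is listed first, as in the report above.
SAMPLE_DOMAINS = [
  { 'hostname' => '*.my-app.co.uk' },
  { 'hostname' => 'www.my-app.co.uk' },
  { 'hostname' => 'WWW.my-app.co.uk.' },
  { 'hostname' => 'bad_name.my-app.co.uk' }
].freeze

if __FILE__ == $PROGRAM_NAME
  plan = plan_verification(SAMPLE_DOMAINS)
  puts "verify:     #{plan[:verify].join(', ')}"
  puts "live check: #{plan[:live_check]}"
  puts "skipped:    #{plan[:skipped].join(', ')}"
end
```

Raising when no verifiable name remains makes an app that only has a wildcard domain fail before any ACME request is sent, with a clearer message than `Invalid character in DNS name`.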


mrdomino commented Mar 5, 2017 via email

@jalada jalada mentioned this issue Feb 14, 2019