Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

authorization.http is nil - NoMethodError: undefined method `filename' for nil:NilClass #69

Closed
joshkestenberg opened this issue Jun 11, 2020 · 11 comments

Comments

@joshkestenberg
Copy link

Running rake letsencrypt:renew --trace on ⬢ app-name... up, run.3335 (Hobby)
** Invoke letsencrypt:renew (first_time)
** Execute letsencrypt:renew
Using existing registration details
[Warning] Starting in PlatformAPI version 3+, requests will include rate throttling logic
to opt-out of this behavior set: `PlatformAPI.rate_throttle = RateThrottleClient::Null.new`
to silence this warning and opt-in to this logic, upgrade to PlatformAPI version 3+
Using 3 configured Heroku domain(s) for this app...
Performing verification for domain-name.com:
Setting config vars on Heroku...rake aborted!
NoMethodError: undefined method `filename' for nil:NilClass
/app/vendor/bundle/ruby/2.6.0/gems/letsencrypt-rails-heroku-2.0.1/lib/tasks/letsencrypt.rake:72:in `block (3 levels) in <main>'
/app/vendor/bundle/ruby/2.6.0/gems/letsencrypt-rails-heroku-2.0.1/lib/tasks/letsencrypt.rake:65:in `each'
/app/vendor/bundle/ruby/2.6.0/gems/letsencrypt-rails-heroku-2.0.1/lib/tasks/letsencrypt.rake:65:in `block (2 levels) in <main>'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/task.rb:281:in `block in execute'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/task.rb:281:in `each'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/task.rb:281:in `execute'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/task.rb:219:in `block in invoke_with_call_chain'
/app/vendor/ruby-2.6.0/lib/ruby/2.6.0/monitor.rb:230:in `mon_synchronize'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/task.rb:199:in `invoke_with_call_chain'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/task.rb:188:in `invoke'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/application.rb:160:in `invoke_task'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/application.rb:116:in `block (2 levels) in top_level'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/application.rb:116:in `each'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/application.rb:116:in `block in top_level'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/application.rb:125:in `run_with_threads'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/application.rb:110:in `top_level'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/application.rb:83:in `block in run'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/application.rb:186:in `standard_exception_handling'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/lib/rake/application.rb:80:in `run'
/app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/exe/rake:27:in `<top (required)>'
/app/vendor/bundle/ruby/2.6.0/bin/rake:23:in `load'
/app/vendor/bundle/ruby/2.6.0/bin/rake:23:in `<top (required)>'
/app/vendor/bundle/ruby/2.6.0/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:74:in `load'
/app/vendor/bundle/ruby/2.6.0/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:74:in `kernel_load'
/app/vendor/bundle/ruby/2.6.0/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:28:in `run'
/app/vendor/bundle/ruby/2.6.0/gems/bundler-1.17.3/lib/bundler/cli.rb:463:in `exec'
/app/vendor/bundle/ruby/2.6.0/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/app/vendor/bundle/ruby/2.6.0/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
/app/vendor/bundle/ruby/2.6.0/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor.rb:387:in `dispatch'
/app/vendor/bundle/ruby/2.6.0/gems/bundler-1.17.3/lib/bundler/cli.rb:27:in `dispatch'
/app/vendor/bundle/ruby/2.6.0/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/base.rb:466:in `start'
/app/vendor/bundle/ruby/2.6.0/gems/bundler-1.17.3/lib/bundler/cli.rb:18:in `start'
/app/vendor/bundle/ruby/2.6.0/gems/bundler-1.17.3/exe/bundle:30:in `block in <top (required)>'
/app/vendor/bundle/ruby/2.6.0/gems/bundler-1.17.3/lib/bundler/friendly_errors.rb:124:in `with_friendly_errors'
/app/vendor/bundle/ruby/2.6.0/gems/bundler-1.17.3/exe/bundle:22:in `<top (required)>'
/app/bin/bundle:104:in `load'
/app/bin/bundle:104:in `<main>'
Tasks: TOP => letsencrypt:renew

Tried both with and without included ENV['ACME_DOMAIN'], both with and without config.force_ssl and stated middleware config.

Any help is appreciated!

@joshkestenberg
Copy link
Author

joshkestenberg commented Jun 11, 2020

code block in question:

 order.authorizations.each do |authorization|
      puts "Performing verification for #{authorization.domain}:"

      challenge = authorization.http # THIS RETURNS NIL

      print "Setting config vars on Heroku..."
      heroku.config_var.update(heroku_app, {
        'ACME_CHALLENGE_FILENAME' => challenge.filename, # ERROR OCCURS HERE
        'ACME_CHALLENGE_FILE_CONTENT' => challenge.file_content
      })
    ....

(comments of course were added by me)

@weefunker
Copy link

You need to set your rails secret key in your config
In your local env --> grab the contents of master.key e.g 79c1839dd84c2b2e71fc26a75fb69a30
In local terminal

dokku config:set RAILS_MASTER_KEY=79c1839dd84c2b2e71fc26a75fb69a30

Not that your master key will be unique to your app

@mashedkeyboard
Copy link
Contributor

mashedkeyboard commented Aug 1, 2020

This is related to the problem I observed in the original implementation of ACME v2 in letsencrypt-rails-heroku here: https://github.com/pixielabs/letsencrypt-rails-heroku/pull/62/files/8097b032b1fec2fd4d257939c490f966290f66b3#r283752933

I'm putting together a PR to fix this - for the time being, there'll just be a pretty error, but in future, there should be a DNS validation.

@joshkestenberg
Copy link
Author

@mashedkeyboard are you suggesting that cert renewal simply won't work for the time being? Or am I doing something wrong? @weefunker I've added RAILS_MASTER_KEY as a heroku config variable and I'm still seeing the same error.

@joshkestenberg
Copy link
Author

scratch that. i think i forgot to delete some generated config vars and was encountering issues as a result. working now. thanks a lot!

@joshkestenberg
Copy link
Author

possible optimization would be to rescue on errors and purge ACME_CHALLENGE_FILENAME and ACME_CHALLENGE_FILE_CONTENT from config vars if they've been created?

@joshkestenberg
Copy link
Author

I'm actually still bumping into issues with any configuration apart from explicitly setting ENV['ACME_DOMAIN'] to my host name. I've tried omitting the config variable, and using a wildcard subdomain, but only ACME_DOMAIN=[app.com] is working for me.

Are wildcard subdomains supported? Is any additional configuration required on my end?

I was able to generate a cert but it's not worth much if it doesn't apply to all subdomains.

I see some discussion around this in #59 but am wondering what the current state of things looks like.

@mashedkeyboard
Copy link
Contributor

Wildcard domains aren't supported currently, no, @joshkestenberg. I did some work on this in #60, but we held off on merging it because wildcard validation requires DNS validation, and that in turn means that, for it to be useful on Heroku, it has to have an automated way of updating your DNS. At the time I wrote the code for #60, CloudFlare were just about to come out with API tokens for their API, rather than the global API keys they'd had up to that point that just allowed access to all aspects of your account, and I decided to hold off for that to turn up before finishing that.

What DNS provider are you using currently? Very happy to look at re-adding support for wildcards - ACME v2 as implemented in letsencrypt-rails-heroku supports it, and I know how to get it working there - it's just a case of me needing to find the time to sit down and put together a PR, and then to be able to test against whatever registrar APIs it ends up interfacing with to make it work. CF is nice and easy, but I don't know much about others.

@joshkestenberg
Copy link
Author

Hey sorry for the delayed reply.

We're using Namecheap. Right now we just have a slack reminder pinging us to renew our certs. 😦

@jalada
Copy link
Collaborator

jalada commented Oct 1, 2020

Hey all, sorry I think I had temporary blindness to GitHub emails about letsencrypt-rails-heroku 😬

It sounds like this issue is actually just 'support wildcard domains via DNS validations'. Is my understanding correct?

@jalada
Copy link
Collaborator

jalada commented Oct 7, 2020

I'm closing this issue for now, as #71 fixes the unfriendly error. I'll open a fresh issue re: supporting wildcard domains via DNS validations, but to set expectations, we have no plans to implement it at this time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants