Rails 5,Heroku加密SSL - 设置配置失败 [英] Rails 5, Heroku with Let's Encrypt SSL - trouble getting setup configured
问题描述
我已经尝试了几个宝石似乎被设计为帮助这个过程(letsencrypt-plugin),但已经删除了宝石推荐的所有安装步骤,因为我无法得到这个工作。
现在,我回到试图理解这里介绍的教程:
我没有越来越远。
此刻,呃ror消息说:
类型:未授权
详细信息:来自服务器的密钥授权文件与$ b $不匹配b这个挑战
[first random string.second random string]
!= [#{params [:id]}。ENV [LETS_ENCRYPT_SECOND]]
要修复这些错误,请确保您的域名是
正确输入,并且该域的$ A
包含正确的IP地址。
我已经在我的application.yml中保存了LETS_ENCRYPT_SECOND与'第二个随机字符串'。
我的DNS中没有任何A记录。我主持英雄 - 它没有给任何A记录或一个IP地址。我的域名注册于123-reg。
我不明白这部分说明:
mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge
cd / tmp / certbot / public_html
printf%sfirst random string.second random string> .well-known / acme-challenge / first random string
每个服务器只运行一次:
$(命令-v python2 ||命令-v python2.7 ||命令-v python2.6)-c \
import BaseHTTPServer ,SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('',80),SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()
我认为他们意味着我需要将上述4个命令放入终端,然后完成。我已经做了好几次,但我没有任何地方。
任何人都可以帮助建议如何设置。我被卡住了。
更新
我已经删除了所有的设置创建尝试遵循上述指南,并尝试再次使用letsencrypt_plugin gem
目前,这些设置都已配置,但是当我尝试运行rake letsencrypt_plugin时,我收到错误说:
挑战验证失败!错误:urn:acme:error:unknownHost:找不到www.example.com的有效IP地址
我现在不确定是否应该放置我的自定义域在letencrypt_plugin.yml文件中的名称,或者我是否应该为我的自定义域名写英雄应用别名。
此外,由于应用程序被托管在heroku上,没有IP地址。我的DNS配置根本没有任何A记录(没有IP地址)。
进一步更新
我做了一个全新的rails 5应用程序。我把它放在英雄上我再次尝试let encrypt_plugin。这一次,我收到一个错误,说:
heroku run rake letsencrypt_plugin
运行rake letsencrypt_plugin on⬢ancient-章程-78709 ... up,run.6780(Hobby)
I,[2016-10-17T07:59:13.985385#3] INFO - :试图在Let's加密服务注册
I,[2016-10-17T07:59:13.985480#3] INFO - :加载私钥...
我,[2016-10-17T07:59:14.255357#3]信息 - :Acme :: Client :: Error ::格式错误 - 注册密钥已经在使用
我,[2016-10-17T07:59:14.256579#3] INFO - :已经注册。
I,[2016-10-17T07:59:14.256646#3] INFO - :发送授权请求:www..com ...
I,[2016-10-17T07:59:信息 - :存储挑战信息...
I,[2016-10-17T07:59:16.688404#3] INFO - :等待挑战状态...
E, [2016-10-17T07:59:18.456415#3]错误 - :挑战验证失败!错误:urn:acme:错误:未经授权:来自http://www..com/.well-known/acme-challenge/eAniFLfG_3t5HrD6zbtppzWWYz1Ay76r0GaFHQ62GLI的无效响应:<!DOCTYPE html>
我们很抱歉,但出了问题(500)
我最近在 heroku(python)上使用其中一个链接你已经发布了,让我了解这个过程。
首先
- 您的网站有自己的域名还是使用英雄生成的域名?以上所有链接均为自定义域名的站点,不为英雄默认域名
[应用程序名称] .herokuapp.com - 要使您自己的域名遵循这里
- 您拥有自定义域名设置的一个,请按照以下链接:
example.com替换为- your-domain--name.com
我会一旦您完成上述过程,就很乐意解释更多信息
现在您有一个可以在 myexample.com 托管在 heroku
- 您必须打开一个网址路线
.well-known / acme-challenge在您的rails应用程序。一旦您打开它并重新部署您的rails应用程序,您应该可以访问URLhttp://myexample.com/.well-known/acme-challenge现在这个将显示一个没有内容的空白页。 - 接下来,通过手动生成上述链接中指定的ssl证书,输入您的域名。你应该达到一个步骤,在那里你被给予一个长的随机令牌
ya6k1edW38z.ebThgg67ggbb ...
现在这里是关键部分。这是我们如何加密验证您是您正在生成SSL证书的域的实际所有者。它为您提供了一个非常随机和复杂的文本,并要求您在域上显示特定路线 .well-known / acme-challenge domain.com
要完成这个
- 以文本格式将此令牌呈现为
.well-known / acme-challenge路由的输出。请参阅上面的链接代码 - 重新部署您的应用程序与这些更改
- 现在手动检查路由
http:// myexample.com/.well-known/acme-challenge。这将在上述步骤中显示在手动创建过程中获得的文字。
现在继续执行 certbot 。这应该为您的域创建证书。获得证书后,将其添加到heroku ssl设置中遵循此链接
I'm trying to figure out how to use let's encrypt with my rails app on heroku.
I've tried several gems which appear to have been designed to help with this process (letsencrypt-plugin)but have removed all of the installation steps those gems recommend because I couldn't get this working.
Now, I'm back to trying to make sense of the tutorials set out here:
http://collectiveidea.com/blog/archives/2016/01/12/lets-encrypt-with-a-rails-app-on-heroku/
I'm not getting far.
I'm trying this again: https://medium.com/should-designers-code/how-to-set-up-ssl-with-lets-encrypt-on-heroku-for-free-266c185630db#.h9vjoxboq
At the moment, the error messages say:
Type: unauthorized
Detail: The key authorization file from the server did not match
this challenge
[first random string.second random string]
!= [#{params[:id]}.ENV["LETS_ENCRYPT_SECOND"]]
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
I have saved LETS_ENCRYPT_SECOND with the 'second random string' in my application.yml.
I don't have any A records in my DNS. I host on heroku - it doesnt give any A records or an IP address. My domain is registered on 123-reg.
I don't understand this part of the instructions:
mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge
cd /tmp/certbot/public_html
printf "%s" first random string.second random string > .well-known/acme-challenge/first random string
run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \ "import BaseHTTPServer, SimpleHTTPServer; \ s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \ s.serve_forever()"
I perceive them to mean that I need to put each of the above 4 commands into the terminal and then I'm done. I've done that several times but I don't get anywhere with this.
Can anyone help with advice for how to set this up. I'm stuck.
UPDATE
I have removed all the settings I created trying to follow the above guide and tried again with the letsencrypt_plugin gem
Currently, those settings are all configured but, when I try to run rake letsencrypt_plugin, I get an error that says:
Challenge verification failed! Error: urn:acme:error:unknownHost: No valid IP addresses found for www.example.com
I am now unsure whether I'm supposed to put my custom domain name in the letsencrypt_plugin.yml file, or whether I'm supposed to write the heroku app alias name for my custom domain name there.
Also, since the app is hosted on heroku, there is no IP address. My DNS configuration does not have any A records at all (no IP address).
FURTHER UPDATE
I made a completely new rails 5 app. I put it on heroku. I tried the let encrypt_plugin again. This time around, I get an error that says:
heroku run rake letsencrypt_plugin
Running rake letsencrypt_plugin on ⬢ ancient-octopus-78709... up, run.6780 (Hobby)
I, [2016-10-17T07:59:13.985385 #3] INFO -- : Trying to register at Let's Encrypt service...
I, [2016-10-17T07:59:13.985480 #3] INFO -- : Loading private key...
I, [2016-10-17T07:59:14.255357 #3] INFO -- : Acme::Client::Error::Malformed - Registration key is already in use
I, [2016-10-17T07:59:14.256579 #3] INFO -- : Already registered.
I, [2016-10-17T07:59:14.256646 #3] INFO -- : Sending authorization request for: www..com...
I, [2016-10-17T07:59:14.504527 #3] INFO -- : Storing challenge information...
I, [2016-10-17T07:59:16.688404 #3] INFO -- : Waiting for challenge status...
E, [2016-10-17T07:59:18.456415 #3] ERROR -- : Challenge verification failed! Error: urn:acme:error:unauthorized: Invalid response from http://www..com/.well-known/acme-challenge/eAniFLfG_3t5HrD6zbtppzWWYz1Ay76r0GaFHQ62GLI: "<!DOCTYPE html>
We're sorry, but something went wrong (500)
I've recently implemented ssl on heroku (python) using one of the links that you've posted. Let me make sense of the process.
Firstly
- Do you have your own domain name for your site or using the heroku generated domain ? All the links above are for sites with custom domain name, not for heroku default domain name
[name-of-app].herokuapp.com - To have your own domain name follow the procedure described here
- One you have your custom domain name setup follow the above link with
example.comreplaced with--your-domain--name.com
I'll be happy to explain more once you have done the above process
Now that you have a site which you can access at myexample.com which is hosted on heroku
- You have to open a url with route
.well-known/acme-challengeon your rails app. Once you open it and redeploy your rails app you should be able to go to the URLhttp://myexample.com/.well-known/acme-challengeFor now this will display a blank page with no content. - Next go through the manual generation of the ssl certificates specified in the above link with your domain name entered. You should reach a step where you were given a long randomised token
ya6k1edW38z.ebThgg67ggbb...
Now here is the critical part. This is how let's encrypt verifies that you are the actual owner of the domain for which you are generating ssl certificates. It gives you a really random and complex text and asks you to display on a particular route .well-known/acme-challenge on the domain your-domain.com
To accomplish this
- render this token in text format as an output for the
.well-known/acme-challengeroute. Refer to above link for example code - Redeploy your app with these changes
- Now check manually the route
http://myexample.com/.well-known/acme-challenge. This should display the text you got during manual creation in the above step.
Now proceed with the creation process on certbot. This should create the certificates for your domain. Once you got the certificates add them to heroku ssl settings following this link
这篇关于Rails 5,Heroku加密SSL - 设置配置失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
