failing with letsencrypt cert
Closed this issue · 3 comments
danp commented
Given the chain below for a letsencrypt cert, I am getting an error on h certs:chain and h certs:add:
% h certs:chain fullchain.pem
Resolving trust chain... failed
! Heroku client internal error.
! Search for help at: https://help.heroku.com
! Or report a bug at: https://github.com/heroku/heroku/issues/new
Error: Expected(200) <=> Actual(500 InternalServerError)
(Excon::Errors::InternalServerError)
Command: heroku certs:chain fullchain.pem
Plugins: heroku-oauth
heroku-spaces
heroku-sudo
Version: heroku-toolbelt/3.42.21 (x86_64-darwin10.8.0) ruby/1.9.3
Error ID: eef97076422144eda25320c07146605c
More information in /Users/dan.peterson/.heroku/error.log
the chain:
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAaem07ZsKLN+JX1D4aNtcIh1MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTExMDUxNTA5MDBaFw0x
NjAyMDMxNTA5MDBaMBMxETAPBgNVBAMTCGRhbnAubmV0MIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAxmOAOLewAtwBlOSXiu4DerXkDJOpeRc/Arcc4qzA
GSQl/fawSuVqSAONarGDpIMX4G181OmlHqGRwuVUAVu3E9hg3M2ioSKEp84m2moA
2xYTrceXHUtHdKWgT/PK8Zerni+7Xrfr3Gue6EcpsNmnHyKrxx0FsPlSYq6wqLwF
b1Ag0Ko8OVbZVNPYnMqpJTzqtKrcbTB03WQ9Eq8+jFI8K2tDYTjNScSRxeeaIxBo
T7bW+5R21lDXu7chsvvU39Cdim5hg959bAsZJMyxLcp8eWADe0+Jw+DJcBeKHGTj
tZAB3r/XTG+cnbNnI7M+REibCoKXuegM6rDmrR6Zmsv7VwIDAQABo4ICGjCCAhYw
DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQEinZH3lsC+mSw2MdeFRD+Qlo2ojAfBgNV
HSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBwBggrBgEFBQcBAQRkMGIwLwYI
KwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmludC14MS5sZXRzZW5jcnlwdC5vcmcvMC8G
CCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDEubGV0c2VuY3J5cHQub3JnLzAh
BgNVHREEGjAYgghkYW5wLm5ldIIMd3d3LmRhbnAubmV0MIIBAAYDVR0gBIH4MIH1
MAoGBmeBDAECATAAMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0
cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBD
ZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBh
cnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0
ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3Np
dG9yeS8wDQYJKoZIhvcNAQELBQADggEBAEMTQY1dL59G/eIzhu6KnB/u5QGnsjOV
/0pJdgfx4HMzU898bhH/w5TkDgl+V68bZ/R2Eoc58DAH/bG4luSJWvYrEC218Ui3
qnHfQGKDuBOCgh2w9D7UMp3846Hsn5wxOagG4ZxXWezvOzRVV+5vxXO7Pk6i1lq5
BW1V22dYDaF3kiNqb5Dk51zH3k485P/Gvw453yugIDW4doMUXPkJ6g7oh9sSYMh3
8c3V27PfmL/ej0oNksDTX92h855qOYDvlD/pNvtRcfeMu7cqzH7UNwPRZ6z48VL+
AUnRl7Qc+s8gkzRtbY3nR1XXnGc7jlohH7Hr19ygYSWVW1gVbiiLWPw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
-----END CERTIFICATE-----
kch commented
Probably just this:
2015-11-05T17:43:55.576531+00:00 heroku[router]: at=info method=POST path="/resolve-chain-and-key" host=ssl-doctor.herokuapp.com request_id=750de50e-7835-4ba9-8f82-5a00f741a366 fwd="142.167.252.195" dyno=web.2 connect=0ms service=11478ms status=500 bytes=330
2015-11-05T17:43:55.581681+00:00 app[web.2]: Sequel::DatabaseDisconnectError - PG::Error: no connection to the server
2015-11-05T17:43:55.581685+00:00 app[web.2]: :
2015-11-05T17:43:55.581687+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/adapters/postgres.rb:149:in `exec'
2015-11-05T17:43:55.581689+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/database/logging.rb:33:in `log_yield'
2015-11-05T17:43:55.581688+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/adapters/postgres.rb:149:in `block in execute_query'
2015-11-05T17:43:55.581690+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/adapters/postgres.rb:149:in `execute_query'
2015-11-05T17:43:55.581691+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/adapters/postgres.rb:136:in `block in execute'
2015-11-05T17:43:55.581692+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/adapters/postgres.rb:136:in `execute'
2015-11-05T17:43:55.581691+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/adapters/postgres.rb:115:in `check_disconnect_errors'
2015-11-05T17:43:55.581693+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/adapters/postgres.rb:520:in `log_connection_execute'
2015-11-05T17:43:55.581694+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/database/transactions.rb:312:in `rollback_transaction'
2015-11-05T17:43:55.581695+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/database/transactions.rb:131:in `rescue in _transaction'
2015-11-05T17:43:55.581695+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/database/transactions.rb:152:in `_transaction'
2015-11-05T17:43:55.581696+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/database/transactions.rb:102:in `block in transaction'
2015-11-05T17:43:55.581697+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/database/connecting.rb:236:in `block in synchronize'
2015-11-05T17:43:55.581698+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/connection_pool/threaded.rb:104:in `hold'
2015-11-05T17:43:55.581698+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/database/connecting.rb:236:in `synchronize'
2015-11-05T17:43:55.581700+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/ssltool-0.0.11/lib/ssltool/certificate_store.rb:60:in `detect_and_merge_intermediates!'
2015-11-05T17:43:55.581699+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sequel-3.46.0/lib/sequel/database/transactions.rb:95:in `transaction'
2015-11-05T17:43:55.581700+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/ssltool-0.0.11/lib/ssltool/adapters/sequel.rb:19:in `store_pool'
2015-11-05T17:43:55.581701+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/ssltool-0.0.11/lib/ssltool/certificate_store.rb:81:in `resolve_chain'
2015-11-05T17:43:55.581703+00:00 app[web.2]: ssl-doctor.rb:65:in `block in <main>'
2015-11-05T17:43:55.581704+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:1415:in `block in compile!'
2015-11-05T17:43:55.581702+00:00 app[web.2]: ssl-doctor.rb:47:in `resolve_chain_and_key'
2015-11-05T17:43:55.581703+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:1415:in `call'
2015-11-05T17:43:55.581705+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:944:in `[]'
2015-11-05T17:43:55.581706+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:944:in `block (3 levels) in route!'
2015-11-05T17:43:55.581707+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:960:in `route_eval'
2015-11-05T17:43:55.581707+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:944:in `block (2 levels) in route!'
2015-11-05T17:43:55.581708+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:981:in `block in process_route'
2015-11-05T17:43:55.581709+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:979:in `catch'
2015-11-05T17:43:55.581711+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:943:in `block in route!'
2015-11-05T17:43:55.581710+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:979:in `process_route'
2015-11-05T17:43:55.581711+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:942:in `each'
2015-11-05T17:43:55.581712+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:942:in `route!'
2015-11-05T17:43:55.581713+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:1053:in `block in dispatch!'
2015-11-05T17:43:55.581713+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:1035:in `block in invoke'
2015-11-05T17:43:55.581714+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:1035:in `catch'
2015-11-05T17:43:55.581715+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:1035:in `invoke'
2015-11-05T17:43:55.581715+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:1050:in `dispatch!'
2015-11-05T17:43:55.581716+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:878:in `block in call!'
2015-11-05T17:43:55.581717+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:1035:in `block in invoke'
2015-11-05T17:43:55.581718+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:1035:in `catch'
2015-11-05T17:43:55.581728+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:1035:in `invoke'
2015-11-05T17:43:55.581729+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:878:in `call!'
2015-11-05T17:43:55.581730+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:864:in `call'
2015-11-05T17:43:55.581731+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/rack-protection-1.5.0/lib/rack/protection/xss_header.rb:18:in `call'
2015-11-05T17:43:55.581731+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/rack-ssl-1.3.3/lib/rack/ssl.rb:27:in `call'
2015-11-05T17:43:55.581732+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/rack-protection-1.5.0/lib/rack/protection/path_traversal.rb:16:in `call'
2015-11-05T17:43:55.581733+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/rack-protection-1.5.0/lib/rack/protection/json_csrf.rb:18:in `call'
2015-11-05T17:43:55.581733+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/rack-protection-1.5.0/lib/rack/protection/base.rb:49:in `call'
2015-11-05T17:43:55.581734+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/rack-protection-1.5.0/lib/rack/protection/base.rb:49:in `call'
2015-11-05T17:43:55.581734+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/rack-protection-1.5.0/lib/rack/protection/frame_options.rb:31:in `call'
2015-11-05T17:43:55.581735+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/rack-1.5.2/lib/rack/logger.rb:15:in `call'
2015-11-05T17:43:55.581736+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/rack-1.5.2/lib/rack/commonlogger.rb:33:in `call'
2015-11-05T17:43:55.581736+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:209:in `call'
2015-11-05T17:43:55.581737+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:202:in `call'
2015-11-05T17:43:55.581738+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/rack-1.5.2/lib/rack/head.rb:11:in `call'
2015-11-05T17:43:55.581738+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/rack-1.5.2/lib/rack/methodoverride.rb:21:in `call'
2015-11-05T17:43:55.581739+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:172:in `call'
2015-11-05T17:43:55.581740+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:1610:in `block in call'
2015-11-05T17:43:55.581740+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:1947:in `call'
2015-11-05T17:43:55.581741+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:1693:in `synchronize'
2015-11-05T17:43:55.581742+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/sinatra-1.4.2/lib/sinatra/base.rb:1610:in `call'
2015-11-05T17:43:55.581742+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/thin-1.5.1/lib/thin/connection.rb:81:in `block in pre_process'
2015-11-05T17:43:55.581743+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/thin-1.5.1/lib/thin/connection.rb:79:in `catch'
2015-11-05T17:43:55.581744+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/thin-1.5.1/lib/thin/connection.rb:79:in `pre_process'
2015-11-05T17:43:55.581744+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/eventmachine-1.0.3/lib/eventmachine.rb:1037:in `call'
2015-11-05T17:43:55.581745+00:00 app[web.2]: /app/vendor/bundle/ruby/2.1.0/gems/eventmachine-1.0.3/lib/eventmachine.rb:1037:in `block in spawn_threadpool'
2015-11-05T17:43:55.582971+00:00 app[web.2]: 142.167.252.195 - - [05/Nov/2015 17:43:55] "POST /resolve-chain-and-key HTTP/1.1" 500 30 11.4322
Still, guess I should add some kind of pg reconnection thing
kch commented
meh, let's see if this comes up again.
danp commented
Didn't have any trouble using certs:update to renew my LE cert so probably fine.