Heroku - Adding SSL key throws an error - Key could not be read since it's protected by a passphrase - ssl

Hi, I'm trying to add an SSL certificate to Heroku for my .app domain.
Namecheap provided the certificate and domain.
I added it without a problem the first time, but after deleting it (to reinstall as instructed by Namecheap support) I started getting the error "Key could not be read since it's protected by a passphrase." when trying to add a new certificate with the same keys.
It's obviously not a passphrase, because it would have failed the first time I uploaded it.
Can anyone help?
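Whether a PEM key file is passphrase-protected can be read from its armor and headers without decoding the key. The following is an added example, not part of the question and not Heroku's code; the sample blocks are constructed placeholders, not real key material.

```python
import re

# One PEM block: group 1 is the label, group 2 everything between the markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def classify_private_keys(pem_text):
    """Return [(label, status)] for each private-key block in pem_text.

    status is "encrypted", "plaintext" or "unknown". Only the PEM armor and
    headers are read; the key material is never decoded.
    """
    results = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if not label.endswith("PRIVATE KEY"):
            continue  # certificate, CSR or public key
        if label == "ENCRYPTED PRIVATE KEY":
            status = "encrypted"   # PKCS#8 EncryptedPrivateKeyInfo
        elif re.search(r"^Proc-Type:\s*4,ENCRYPTED\s*$", body, re.MULTILINE):
            status = "encrypted"   # traditional OpenSSL format with a DEK-Info header
        elif label == "OPENSSH PRIVATE KEY":
            status = "unknown"     # cipher name is inside the base64 blob
        else:
            status = "plaintext"
        results.append((label, status))
    return results

# Constructed samples: placeholder bodies, not real key material.
BODY = "Q09OU1RSVUNURUQ=\n"
TRADITIONAL_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
    + BODY + "-----END RSA PRIVATE KEY-----\n")
PKCS8_ENCRYPTED = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + BODY
                   + "-----END ENCRYPTED PRIVATE KEY-----\n")
CERT_PLUS_PLAIN_KEY = (
    "-----BEGIN CERTIFICATE-----\n" + BODY + "-----END CERTIFICATE-----\n"
    "-----BEGIN PRIVATE KEY-----\n" + BODY + "-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name in ("TRADITIONAL_ENCRYPTED", "PKCS8_ENCRYPTED", "CERT_PLUS_PLAIN_KEY"):
        print(name, classify_private_keys(globals()[name]))
```

If a block is reported as encrypted, `openssl pkey -in encrypted.key -out plain.key` (hypothetical file names) writes an unencrypted copy after prompting for the passphrase; keep that copy readable only by its owner.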

Related

Unable to trust ASP.NET SSL dev certificate

I have been going around and around with this issue. I can create a dev-cert using dotnet dev-certs https --trust but the certificate only appears in the Personal certificates folder. If I try copying it to the Trusted folder it disappears on refresh. I have watched videos of people doing this on YouTube and it works so I'm not sure what is wrong with my PC/install.
Running my code and hitting the route in Postman returns a 500 error and UntrustedRoot.
I have tried this using a local user account and my admin account. I have also tried creating a certificate and importing it using OpenSSL following guides I have found, but still no luck.
I am running Windows 10 Pro on a new build PC. Windows was a clean install with a new licence.
I really don't want to have to purchase a signed certificate just to do development on localhost as that seems a bit overkill.
Any suggestions?
tl;dr try disabling your anti-virus before creating certificate!
I finally stumbled upon the answer; my anti-virus, WebRoot. I was following a YouTube tutorial on how to add a custom certificate to Kestrel and in doing so I discovered that WebRoot was blocking access to the hosts file. Disabling the av allowed me to update that file but also, it then allowed trusting of the dev-cert generated by dotnet dev-certs https --trust.
Not sure how I can prevent this in future other than temporarily disable the av before creating a certificate. Frustrating that the av doesn't warn me and there doesn't appear to be an obvious setting to allow this to happen.

Websites on server redirected to defaultwebpage.cgi after AutoSSL change

I had AutoSSL by Comodo on my CentOS WHM VPS previously configured and running. After the certificates expired, I installed Let's Encrypt and tried to renew the certificates via that service, which failed with an error that signified a DCV validation issue due to me using the server's DNS. The HTTP validation was failing too.
Later, I switched back to Comodo AutoSSL and renewed two of the sites, while all the others failed with the same error as above.
Now the issue that persists is that I can't access the websites except one (the main account on WHM). All of the sites are showing defaultwebpage.cgi.
What might possibly be the issue and what can be done to get the system back up?
Finally got the issue solved. The faults in my setup that made the DCV fail were as follows (different for different domains):
For a few domains, the DNS had AAA records (with IPv6 values) that prevented the update.
For another domain, the issue was that the DNS was on Cloudflare and it wasn't getting auto-updated. So I had to manually enter the record that has the name '_cpanel-dcv-test-record' and a value that had data like '_cpanel-dcv-test-record=UF0zA7G97dxugw_u10XVpkRJ0faQg2bk2UHf2vDJkhKcElawaQqyaLtCL3VsquAGxv' (sample values for reference, not real).
I made the above changes, selected the domains (inside cPanel for the individual account > SSL > SSL Status) that needed the change and pressed 'Run Auto SSL'.
Hope this helps someone who goes through a similar situation.

paypal-wps encryption issue. PayPal Error: We were unable to decrypt the certificate id

This is a follow up to this issue HERE.
After creating new SSL certificates, I created new certs specifically for PayPal use. I have three certificates in play for PayPal, which are the private key set to 440, the public key set to 644, and the PayPal key that I downloaded after uploading the public key; that key is also set to 644. I also copied over the Cert ID.
All keys are being used as proven by my logging, however I am getting the infamous:
"We were unable to decrypt the certificate id"
There shouldn't be any copy paste issues (as I've seen others discuss) since I downloaded and uploaded everything without needing to copy/paste anything.
I am miffed as to what could be the problem. Any ideas?
This is resolved. The issue was just a configuration mis-step. I still wonder why and wonder if it is safe to allow a www-data readable on one of the private keys.

Added RapidSSL certificate for Heroku with DNS through Badger, but it's still "SSL mismatching" when browsed

Yesterday, I added a RapidSSL certificate, but going to supplybetter.com still gives an SSL mismatch warning, and the heroku certificate rather than mine is being presented. I'd like to get this working and get rid of the warning as soon as possible.
To get the certificate, I followed the instructions in this tutorial, with the exception that there was no analogue to "../ssldir/myapp_mydomain_com_chain.key" in step 16, so I used the _chain-less .key file, the only one I had. My PEM is composed of my CRT followed by the intermediate CRT, with spacing / newlines correct after checking.
My DNS is through Badger.com, which interacts with Heroku; current records shown below. This post recommends adding a cname that I don't have, but there's no way for Badger to do that without uninstalling the Heroku plugin; it only allows one input, a "_______.herokuapp.com" address, and does the rest.
Results of heroku certs and ssl
matt$ heroku certs
Endpoint                 Common Name(s)                         Expires              Trusted
------------------------ -------------------------------------- -------------------- -------
osaka-8681.herokussl.com www.supplybetter.com, supplybetter.com 2014-03-09 23:27 UTC True
matt$ heroku ssl
supplybetter.com has no certificate
www.supplybetter.com has no certificate
This question has been submitted to Badger and Heroku support; if there's not an accepted answer, I don't yet have a solution. Thank you for your help!
--
Heroku support:
"Hey,
So the tutorial you are following was for our legacy feature ssl:hostname which has been removed in place of ssl:endpoint. Running heroku certs, I see that your cert has been added properly. However, there is one final step, you need to point your CNAME to your ssl:endpoint osaka-8681.herokussl.com
Once you do that, just wait for the DNS to propagate and you should be good to go."
The issue now is that Badger doesn't have a way I can see of adding non-subdomain CNAMEs, and their Heroku app only takes things in ____.herokuapp.com format.
DNS does not support CNAME records for the domain apex ("non-subdomain"). Heroku docs recommend not using the apex domain. Your DNS provider may provide a redirect function from domain.com to www.domain.com that you can take advantage of.
DNSimple has a feature that lets you use the apex on Heroku, but you'd have to switch away from Badger: http://support.dnsimple.com/questions/32831-How-do-I-point-my-domain-apex-to-Heroku
Badger support manually implemented the 3 A records that I needed, plus the correct CNAME to point to osaka.herokussl.com. My major mistake was that when faced with Badger's format to enter CNAMEs, _.domain.com, I didn't realize www would work. It's now propagated and working well.
Learned:
As of 3/8/13, Badger's Heroku plugin can't support custom domains, but they're possible to add manually
Badger support is very responsive
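The apex restriction mentioned in the answers above follows from two DNS rules: a CNAME may not share its owner name with other record types, and the zone apex always carries SOA and NS records. The following is an added example, not code from the thread or from Heroku, that checks a record list for both cases; the `example.test` zone and the 192.0.2.x addresses are constructed, and the CNAME target is the endpoint name quoted in the thread.

```python
def normalize(name, origin):
    """Lower-case a record name; expand '@' and relative names against origin."""
    name, origin = name.lower().rstrip("."), origin.lower().rstrip(".")
    if name in ("@", ""):
        return origin
    if name == origin or name.endswith("." + origin):
        return name
    return name + "." + origin

# DNSSEC record types that are allowed to sit beside a CNAME.
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}

def cname_conflicts(records, origin):
    """Return sorted (owner, reason) pairs for CNAME records DNS does not allow.

    records is an iterable of (name, rtype, value) tuples for one zone.
    """
    apex = normalize(origin, origin)
    types_at = {}
    for name, rtype, _value in records:
        types_at.setdefault(normalize(name, origin), set()).add(rtype.upper())
    problems = []
    for owner, types in types_at.items():
        if "CNAME" not in types:
            continue
        others = sorted(types - ALLOWED_WITH_CNAME)
        if owner == apex:
            problems.append((owner, "CNAME at zone apex"))
        elif others:
            problems.append((owner, "CNAME shares owner name with " + ", ".join(others)))
    return sorted(problems)

# Constructed zone data (example.test, documentation address range).
ORIGIN = "example.test"
BASE = [("@", "SOA", "ns1.example.test. hostmaster.example.test. 1 7200 900 1209600 300"),
        ("@", "NS", "ns1.example.test.")]
BROKEN = BASE + [("@", "CNAME", "osaka-8681.herokussl.com."),
                 ("shop", "CNAME", "osaka-8681.herokussl.com."),
                 ("shop", "A", "192.0.2.10")]
FIXED = BASE + [("@", "A", "192.0.2.10"), ("@", "A", "192.0.2.11"),
                ("@", "A", "192.0.2.12"),
                ("www", "CNAME", "osaka-8681.herokussl.com.")]

if __name__ == "__main__":
    print(cname_conflicts(BROKEN, ORIGIN))
    print(cname_conflicts(FIXED, ORIGIN))
```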

How to generate SSL certificate objective c?

I am new to iPhone and need to generate a certificate for my first app which supports APNS. I went through this and this site for help, and I am also able to create the certificate, but as soon as I append the certificate in my application in Xcode it gives me a warning like
"profile doesn't match any valid certificate private key pair in the default keychain"
I was given a p12 certificate for development, but now I am confused whether I need to use the same certificate or need to generate a new one for a new application. I know this question has been asked many times, but I am really stuck at this point.
Kindly show me a path. Thanks in advance.
Make a new certificate request from the keychain tools. Upload that to the provisioning site and download the resulting certificate. Remember, the private key that corresponds to the certificate is embedded within the certificate request, so don't delete it before you export the private key.
Got the solution for the same problem. As I said, I had already gone through all the steps, but as per my knowledge the problem was that the private key given to me had been generated on a Windows OS and hence was giving some problem. As a solution, I deleted the development certificate and created it again, which solved the issue. Thanks bdares for the help.