This is based on:
Also, you have to have a paid plan for this to work. I have the cheapo $7/mo plan.
This step requires certbot, so if you don't have it, run:
brew install certbot
Once it's installed, run the following command to generate the cert:
sudo certbot certonly --manual
Certbot will prompt you to configure your site to answer a "challenge" that will verify that you control the domain. For example, you'll be asked to have a route like the one below that returns a value certbot will specify:
I set up some environment variables in launchbot.io for these:
heroku config:set ACME_CHALLENGE_KEY=<value from certbot> --app ano-launchbot
heroku config:set ACME_CHALLENGE_ANSWER=<value from certbot> --app ano-launchbot
And then made a route that returned the key for the given value:
r.Handle("/.well-known/acme-challenge/"+env.AcmeChallengeKey, handler.Handler{env, api.HTTPAcmeChallenge}).Methods("GET")
...
func HTTPAcmeChallenge(env *handler.Env, w http.ResponseWriter, r *http.Request) error {
	// Fprint rather than Fprintf: the answer is data, not a format string.
	fmt.Fprint(w, env.AcmeChallengeAnswer)
	return nil
}
Wait for the heroku instance to restart with the updated config vars, and then press enter to continue with the certbot process. If all goes well, certbot will hit your new route with the challenge key to verify your answer, and then create a new cert for your site.
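A stand-alone version of the challenge route using only the standard library, added here as an example and not the launchbot.io code. `NewAcmeChallengeHandler` and `acmePrefix` are hypothetical names, and it assumes the two config vars set above. It rejects an empty key because a pattern ending in `/` on `http.ServeMux` matches the whole subtree, so an unset config var would otherwise answer every path under the prefix.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"os"
	"strings"
)

const acmePrefix = "/.well-known/acme-challenge/"

// NewAcmeChallengeHandler (hypothetical name) serves answer only on the exact
// challenge path for key and returns 404 for anything else under the prefix.
func NewAcmeChallengeHandler(key, answer string) (http.Handler, error) {
	// An unset config var must not become a route that answers every path.
	if key == "" || answer == "" {
		return nil, fmt.Errorf("challenge key and answer must both be set")
	}
	if strings.ContainsAny(key, "/?#") {
		return nil, fmt.Errorf("challenge key must be a single path segment")
	}
	want := acmePrefix + key
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet || r.URL.Path != want {
			http.NotFound(w, r)
			return
		}
		w.Header().Set("Content-Type", "text/plain; charset=utf-8")
		fmt.Fprint(w, answer) // Fprint: the answer is data, not a format string
	}), nil
}

func main() {
	mux := http.NewServeMux()
	h, err := NewAcmeChallengeHandler(os.Getenv("ACME_CHALLENGE_KEY"), os.Getenv("ACME_CHALLENGE_ANSWER"))
	if err != nil {
		log.Printf("ACME challenge route disabled: %v", err)
	} else {
		mux.Handle(acmePrefix, h) // subtree pattern; the handler does the exact match
	}
	port := os.Getenv("PORT") // set by Heroku for web dynos
	if port == "" {
		port = "8080" // assumed local default
	}
	log.Fatal(http.ListenAndServe(":"+port, mux))
}
```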
If you're successful, certbot will generate the certs in the /etc/letsencrypt/live/launchbot.io directory.
To upload them to heroku, run this command:
sudo heroku certs:update \
/etc/letsencrypt/live/launchbot.io/cert.pem \
/etc/letsencrypt/live/launchbot.io/privkey.pem
To see what certs you have already:
$ heroku certs --app ano-launchbot
Name Common Name(s) Expires Trusted Type
───────────────── ────────────── ──────────────────── ─────── ────
stegosaurus-73150 launchbot.io 2017-03-18 15:59 UTC True SNI