Heroku Updating SSL endpoint failed - No key found that signs the certificate

Question

I am trying to replace my SSL cert on my Heroku Rails app.

I have reissued the SSL cert and am trying to update the SSL end point.

However, When I run the following command I get this error.

heroku certs:update server.crt intermediate.crt server.key -a my_rails_app

Resolving trust chain... failed
 !    No key found that signs the certificate.

Answer 1

First off here are some good links to help you with this.

https://devcenter.heroku.com/articles/ssl-endpoint

https://gist.github.com/shripadk/552554

https://www.resumonk.com/blog/setup-ssl-certificate-heroku/

I reissued my SSL cert and when I got it in an email I copied the whole thing not just the Cert information.

Afterwards Heroku ran the update without issues.

server.crt

Web Server CERTIFICATE
-----------------

-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIDEet1MA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT
IWAr5kQ/k2Hy4jXxHpqWMbK/SNu/UIlJM/xjyVvANy43orc2zBnGIPrzECMBWAP1
Xbkz4PUm4DuD8bRrkN7q9VKrssROFXkrl/teOg==


-----END CERTIFICATE-----


INTERMEDIATE CA:
---------------------------------------

-----BEGIN CERTIFICATE-----
MIID1TCCAr2gAwIBAgIDAjbRMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
knYYCnwPLI6FoOpC+ZNmZzYV+yoAVHHb1c0XqtK
LEL2TxyJeN4mTvVvk0wVaydWTQBUbHq3tw==
-----END CERTIFICATE-----

Answer 2

After pulling my hair out over updating an existing SSL in heroku, and wasting many, many hours, I came across a Heroku Add-On called Expedited SSL that makes this process so painless, its almost too good to be true. But it is true. What I couldn't solve in the last 6 hours was just solved in literally 1 minute with this add on.

I shall say no more.

Answer 3

I was getting the same error. In order to fix, I had the pass the path to privkey.pem after fullchain.pem

sudo heroku certs:update /etc/letsencrypt/live/domain_name/fullchain.pem /etc/letsencrypt/live/domain_name/privkey.pem  -a tc-sales-portal

Hope it helps