This article is just paraphrasing this one with a bit more accuracy, corrections and cynicism.
First step: Update your rails code on heroku
The route /.well-known/acme-challenge/KEY should be added to your config/routes.rb file like so
get ‘/.well-known/acme-challenge/:id’ => ‘CONTROLLER#letsencrypt’
where CONTROLLER is the controller of your choice, in which the method should look like this
def letsencrypt
if params[:id] == ENV['LETSENCRYPT_KEY']
render text: ENV['LETSENCRYPT_CHALLENGE']
else
render text: "nope"
end
end
and don’t forget to make it “public”, so if you are using cancancan the following line is required on top of your controller file
skip_authorization_check only: [:letsencrypt]
Push it on heroku
> git push heroku # this may differ depending on your setup
and wait for it be deployed.
Second step: Install require software and generate the key
On ubuntu you can install letsencrypt command like this
> sudo apt install letsencrypt
The run the command with root privileges
> sudo letsencrypt certonly --manual
follow the instructions and when it asks you to verify that the given URL is reachable, don’t presse ENTER but follow third step instead.
Third step: Update Heroku variables
Go on Heroku console, in settings>Reveal config vars and add LETSENCRYPT_KEY and LETSENCRYPT_CHALLENGE keys with their corresponding values from letsencrypt command, a step before.
Restart Heroku within UI or with the following command where YOUR_APP_NAME is… your app name.
> heroku restart -a YOUR_APP_NAME
It would be a good idea to try the URL from your browser before coninuing.
Fourth step: Verify the challenge and push certificate to Heroku
If your SSL endpoint is not yet setup on Heroku, take the time and money to do it
> heroku addons:create ssl:endpoint -a YOUR_APP_NAME
Then you will be able to push the certificate to your Heroku instance.
> sudo heroku certs:add /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem -a YOUR_APP_NAME
If it’s a certificate update, replace the certs:add by certs:update and your are good.
Fifth and last step: Behold!
Give yourself some time for a walk and think about the beauty of living, yet still away from the coming technological singularity.