Add ssl to express app on heroku free dyno using sabayon

I have followed the instructions here :
to setup lets encrypt certificate on my app hosted on Heroku Free Dyno.
(I know that there exists automated Lets Encrypt for Hobby/Professional Dynos, mine is Free, so apparently there isn’t any).

when I run the sabayon bin:

heroku run sabayon --force -a letsencrypt-my-app
Running sabayon --force on letsencrypt-my-app... up, run.7885 (Free)
2017/05/20 08:48:40 cert.create email='' domains='[]'
2017/05/20 08:48:41 [INFO] acme: Registering account for
2017/05/20 08:48:42 [INFO][] acme: Obtaining bundled SAN certificate
2017/05/20 08:48:42 [INFO][] AuthURL:
2017/05/20 08:48:42 [INFO][] acme: Could not find solver for: tls-sni-01
2017/05/20 08:48:42 [INFO][] acme: Trying to solve HTTP-01
2017/05/20 08:48:42 cert.validate
2017/05/20 08:49:02 cert.validated
2017/05/20 08:49:04 acme: Error 403 - urn:acme:error:unauthorized - Invalid response from "<!DOCTYPE html>
<html lang="en">
<meta charset="utf-8">
<pre>Not Found</pre>
Error Detail:
        Validation for
        Resolved to:
        Used: 54.228.XXX.50

I have also included this route in my app:

app.get('/.well-known/acme-challenge/:acmeToken', function(req, res, next) {
  var acmeToken = req.params.acmeToken;
  var acmeKey;

  if (process.env.ACME_KEY && process.env.ACME_TOKEN) {
    if (acmeToken === process.env.ACME_TOKEN) {
      acmeKey = process.env.ACME_KEY;

  for (var key in process.env) {
    if (key.startsWith('ACME_TOKEN_')) {
      var num = key.split('ACME_TOKEN_')[1];
      if (acmeToken === process.env['ACME_TOKEN_' + num]) {
        acmeKey = process.env['ACME_KEY_' + num];

  if (acmeKey) res.send(acmeKey);
  else res.status(404).send();

I don’t know how i can make sure that this route is accessible or not.

Could somebody help me understand what I am missing here? thanks

hi @Tomus

Your issues seem to be related to being able to access files from your webroot

Sabyon is written by a Third Party (Heroku) so I suggest raising an issue for this on their github as they are probably more familiar with their code base.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.