I ran into a bit of an issue today while creating a certificate with CloudFormation. After kicking the stack off it ended up hanging on a step to create a domain verification entry in Route 53.
I had used this script multiple times for creating a certificate for a subdomain, but this time I included an apex domain as well. In order to narrow things down a little further I checked out the certificate via the console:
While the subdomain had passed the apex domain was still sitting in pending. Surprisingly, in Route53 the record DID exist. In order to get things moving again I manually deleted the record and then clicked “Create records in Route 53”.
This re-created the record I’d just deleted, and after a couple of minutes the domain validation passed and then the certificate was created:
This was a bit of a weird one that I have been unable to reproduce. I’m not certain why the DNS validation ended up hanging but retriggering the process seems to have resolved it.
Note that there are other legitimate reasons why your deployment might be hanging at this step:
When you use the AWS::CertificateManager::Certificate resource in a CloudFormation stack, domain validation is handled automatically if all three of the following are true: The certificate domain is hosted in Amazon Route 53, the domain resides in your AWS account, and you are using DNS validation.
However, if the certificate uses email validation, or if the domain is not hosted in Route 53, then the stack will remain in the CREATE_IN_PROGRESS state. Further stack operations are delayed until you validate the certificate request, either by acting upon the instructions in the validation email, or by adding a CNAME record to your DNS configuration. For more information, see Option 1: DNS Validation and Option 2: Email Validation.
I’ve been mucking around with PayPal for a while and decided to try out the adaptive_payments gem by Tommy Chheng. Unfortunately I ran into the following error:
Neither PUB key nor PRIV key:: nested asn1 error
It turns out that I’d simply skipped an important part of the readme file. The api_cert_file in the paypal_adaptive.yaml file should point to a file containing BOTH your paypal_cert_pem.txt and whatever your private key happens to be. This took an embarrassingly long time for me to figure out, so hopefully this will help some of you!
It turns out I still had this wrong, I was using the wrong certs. After sorting out a few more errors that I ran into after the one mentioned above I finally started getting a response from Paypal, unfortunately it was another error message:
Authentication failed. API credentials are incorrect
It turns out I was using the wrong certs. If you’ve run into the same problem you’ll need to go to Profile > Request API Credentials > Option 2 (Request API credentials to create your own API username and password.). Then download the cert and point to this.
Hey everyone, just another update to this. If you happened to be following the railscast on PayPal before attempting to use the gem, you may not get the option to download the certs mentioned above. To get around this, simply remove your existing certificates (Profile > API Access > Option 2 > Remove > Remove). You should now see the ‘Request API Certificate Option’.
Sorry about the confusing post, but there’s a *slight* chance it might be able to help someone else who runs into the same problem.