Why am I getting the error "No key found that signs the certificate" when uploading my SSL certificate?


You're trying to upload a certificate and key for Heroku SSL, but you're receiving an error like:

Resolving trust chain... failed ! No key found that signs the certificate


This means that the private key file you're attaching, we'll call it private.key, doesn't match the public certificate, your-domain.crt. The easiest way to check for a mismatch is running these two commands in your terminal:

$ openssl x509 -noout -modulus -in certificate.crt | openssl md5
$ openssl rsa -noout -modulus -in key.key | openssl md5

The outputs from both commands should match. If they don't match, you'll need to find the private key file that matches your certificate. If you're trying to update an existing certificate, please be aware that Heroku support doesn't have the ability to retrieve a private key you've uploaded. It's important to keep the private key file that matches your certificate somewhere safe.

If the outputs match, contact Heroku support.

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support