Why am I getting the error "No key found that signs the certificate" when uploading my SSL certificate?

Issue

You're trying to upload a certificate and key for Heroku SSL or the SSL Endpoint add-on, but you're receiving an error like:

Resolving trust chain... failed ! No key found that signs the certificate

Resolution

This means that the private key file you're attaching, we'll call it key.key, doesn't match the public certificate, certificate.crt. The easiest way to check for a mismatch is running these two commands in your terminal:

$ openssl x509 -noout -modulus -in certificate.crt | openssl md5
$ openssl rsa -noout -modulus -in key.key | openssl md5

The outputs from both commands should match. If they don't match, you'll need to find the private key file that matches your certificate. If you're trying to update an existing certificate, please be aware that Heroku support doesn't have the ability to retrieve a private key you've uploaded. It's important to keep the private key file that matches your certificate somewhere safe.

If the outputs match, contact Heroku support.