Since our initial configuration according to https://developers.google.com/amp/cache/update-cache , we were successfully using the /update-cache/c/s/ endpoint for cache purge. Until yesterday, when we accidentally removed the public/private keys that we were using..!
So.. obviously the problem is that the AMP Cached Public RSA key now differ from our current(new) public rsa key.
(I am using example.com below for privacy reasons. Sorry about that)
We generated a new pair but the cached RSA Key does not revalidate even though we tried to revalidate it via
curl -XGET https://www-example-com.cdn.ampproject.org/r/s/www.example.com/.well-known/amphtml/apikey.pub -v
Detailed info
Our new public key is:
text/plain formathttps://www.example.com/.well-known/amphtml/apikey.pubBYPASSED by cdn & server cache (Cloudflare & nginx).Allow: /.well-known/amphtml/apikey.pub FULL robots.txt:
User-agent: *
Disallow: /wp-admin/
Disallow: /trackback/
Disallow: /xmlrpc.php
Disallow: /feed/
Disallow: /wp-login.php
Disallow: /?s=
Disallow: /search/
Allow: /.well-known/amphtml/apikey.pub
User-agent: Googlebot
Disallow: /*?*smid=
Disallow: /*?*partner=
Disallow: /*?*utm_source=
URL Formats:
https://www-example-com.cdn.ampproject.org/c/s/www.example.com/article-slug/amp/
https://www-example-com.cdn.ampproject.org/r/s/www.example.com/.well-known/amphtml/apikey.pub
https://www-example-com.cdn.ampproject.org/update-cache/c/s/www.example.com/article-slug/amp/?amp_action=flush&_ts=<timestamp>&_url_signature=<signature>
Since the two RSA keys are different, we are now getting a 403 URL signature verification error.
24 hours have passed since the key change.. Is there any way that we can force the old cached RSA key to invalidate/re-cache ?
Or are am i doing anything wrong here?
Thanks!
Fixed. It was not an issue after all... Just needed to wait a little longer. RSA Key updated and afterwards AMP Cache cleared as normal!
Everything i described is correct. Leaving it as a guide for others.
Thanks