Configuring SSL for an App Heroku HTTPS

Question

Hello I am currently going through the tutorial below to add ssl to my heroku app

https://gist.github.com/shripadk/552554

so for today, I bought a domain name, set the cname to point to my heroku app

Currently my domain name is working.

I am trying to add ssl security feature to my app so secure.domainname.com works

Following the tutorial

heroku addons:add custom_domains:basic

I got an error

add ons not found

I can't find this add on on heroku as well. but I searched this command through stackoverflow and its suppose to exist?

I got the same error with this command

heroku addons:add ssl:hostname

but it also said adds on not found, later I found this same add on heroku but its with a different command.

This is the part that I don't get on the tutorial

After adding the ssl add on

This will add a $20/month (as of the time of this writing) fee to your Heroku bill for SSL. VI: Setting up your DNS to work with Heroku Hostname SSL

1. You should recieve an email from heroku within a few minutes of adding the ssl:hostname addon. You need to add a CNAME record to your DNS that points to the AWS host in the email you receive. This should be pretty self explanatory, but if you have any questions, search for 'adding a CNAME record' in Google and you'll see lots of good guides.

2. Test that 'host secure.yourdomain.com' outputs 'something.amazonaws.com'. If it does, you're all set. You should now be able to go to 'https://secure.yourdomain.com' and not see any errors or security warnings. What is going on behind the scenes When a user visits your site using 'http://secure.yourdomain.com', they're hitting your GoDaddy CNAME record, which points to an 'something.amazonaws.com' address which effectively routes the request to Heroku's grid, and a secure connection gets established from there following the standard SSL handshake process.

I didn't get an email, neither does appname.herokussl.com exist? Am I suppose to use Zerigo DNS? for anything, its mentioned once in the top of the tutorial but not anywhere else?

From reading the comments, someone got a problem with the end part as well.

Thanks!

Answer 1

I followed this tutorial for both heroku and for my own server setup and when trying to setup on heroku for the first time I did not do it correctly so I will explain some of the important steps when setting up ssl on heroku.

1. Use OpenSSL to generate a new self-signed certificate ('host.csr') using the host key we just created. This is what you'll be sending to GoDaddy to model your new SSL after.

At the step above make sure you fill in the information correctly and also make sure your common name matches your ssl certificate name.

2. Combine 'secure.yourdomain.com.crt' and 'host.key':

You will need to combine your ssl keys. If you're using godaddy there are 2 files included name gd_bundle.crt and secure.yourdomain.com. Upon during the tutorial you will generate about 5-6 files in which you will only use 1.

1. Remove pass phrase from the public key certificate (required by Heroku)

In order for heroku to read your ssl cert you will need to remove all passwords on the certs so make sure the passwords are removed. There will be two files depending on how you have combined them with the extensions .pem and .key (The updated ones not the ones you started with).

You've most likely added the domain and subdomain so now through the command line run

 heroku ssl:add ../ssl-cert/public.pem ../ssl-cert/private.key

Remember get the path of the newly updated files. Also when editing the files and copying over keys make sure there are no white spaces in between keys. Let me know if this helps.