Heroku hosted RoR site with CloudFlare ssl not working

Question

I am in desperate need of help! I have a Ruby on Rails site hosted on Heroku. The site works fine withe the heroku app address. I am trying to get my custom url working, with ssl. My url is registered with GoDaddy and I created a CloudFlare account for ssl without having to pay the $20/mo that Heroku charges.

I have the domain names added in heroku. I created the cname and cname flattening in the CloudFlare DNS and changed the nameservers from godaddy. I have a full ssl certificate, which CloudFlare displays as active. However, when I try to access the website, i get the following error:

SSL Connection Error: Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

I have gone through the faq on CloudFlare without success. Can anyone help me out on what I may be doing wrong?

Thanks!

==================================================

• SSLv3, TLS handshake, Client hello (1):
• SSLv3, TLS alert, Server hello (2):
• error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
• Closing connection 0 curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

Answer 1

A bit late but this worked for me:

Step 1

Make a Cloudflare account, and add the bought domain to cloudflare and transfer the DNS settings'

Step 2

Add your domain to your heroku panel. On the heroku site, log in, go to 'settings' press 'add custom domain' - Add both your domain 'www.example.com' and your root domain 'example.com'

Step 3

If you haven't changed your nameservers on your initial domain provider to point to the cloudflare nameservers, please do so now. You can find the cloudflare nameservers which are assigned to you on your cloudflare panel under 'DNS' -> 'cloudflare name servers'

Step 4

Go to 'DNS' on your cloudflare account and remove all records (A, CNAME, ALIAS,TXT etc..). Now add a CNAME record. The name should be your site 'www.example.com' (with www) and it should point to your heroku app example-example.herokuapp.com

Step 5

Create a Google Business account. And follow along with the verification steps given by Google.

Step 6

Log in at admin.google.com and go to 'domains'. If you can't see 'domains' click on 'more elements'. Now click on 'change redirect' and make your root domain 'example.com' redirect to 'www.example.com'.

Step 7

Go to your cloudflare panel and go to 'DNS', now add 4 'A' Records. - All 4 of the 'A' records should have the name of your root domain 'example.com' and they should point to 216.239.32.21, 216.239.34.21, 216.239.36.21, 216.239.38.21, which are the ip addresses given by Google to make the redirects work.

Side note

On cloudflare, the 'A' record statuses need to be set to 'DNS Only' and the 'CNAME' record statuses to 'DNS and HTTP proxy(CDN)'

Step 8

On your rails app go to production.rb and make sure config.action_mailer.default_url_options = { host: 'https://example-example.herokuapp.com' } is set to config.action_mailer.default_url_options = { host: 'example-example.herokuapp.com' } so simply remove the 'https://'.

And also config.force_ssl should be false

After you have done that make sure you upload the result to heroku.

Step 9

At cloudflare go to 'crypto' and make sure SSL is set to 'Flexible', if not please change it now, it might take a few moments before the changes are completed by cloudflare.

CONGRATULATIONS !!!!!!!!!!!!!

At this point your site should be up and running and working for both your root domain aswell as for your full domain.

EXTRA

ONLY IF YOU WANT BUSINESS EMAILS BY GMAIL (eg. info@example.com)

On cloudflare go to 'DNS' and add 5 'MX' Records.

1. example.com(your root domain) - point to aspmx.l.google.com with priority 1
2. example.com(your root domain) - point to alt1.aspmx.l.google.com with priority 5
3. example.com(your root domain) - point to alt2.aspmx.l.google.com with priority 5
4. example.com(your root domain) - point to alt3.aspmx.l.google.com with priority 10
5. example.com(your root domain) - point to alt4.aspmx.l.google.com with priority 10

Note: The TTL should be set to '1 hour' for all 'MX' records.

Now go out there and be the best version of yourself!!