Heroku SSL added but visiting domain still says connection is not private

Question

I use Heroku for deploying my app and I used GoDaddy to purchase my custom domain name and I purchased my SSL certificate from them.

Let's call my heroku hosted version of my application example-101.herokuapp.com And let's call my custom domain I own mycustomdomain.com

I was trying to set up my GoDaddy purchased SSL certificate through heroku, and followed all of the steps here through step 7: http://www.joshwright.com/tips/setup-a-godaddy-ssl-certificate-on-heroku

Everything appears to be set up well. When I look in my Heroku GUI, at my settings for example-101.herokuapp.com, under 'Custom Domains' it lists www.mycustomdomain.com and mycustomdomain.com, each with DNS target mycustomdomain.com.herokudns.com and www.mycustomdomain.com.herokudns.com respectively.

When I run in the terminal:

curl -kvI https://www.mycustomdomain.com

the output says it "Connected", it "successfully set certificate verify locations", and after all the handshakes it says "SSL certificate verify ok."

Now, here is where I'm afraid my problem may be.

In GoDaddy, under my DNS Management for mycustomdomain.com, I followed heroku instructions by creating a new record as follows: Type: CNAME Name: www Value: example-101.herokuapp.com TTL: 1 hour

But this was based on documentation that doesn't take into regard adding an SSL certificate.

When I run

heroku certs

it gives me the following: Name: brachiosaurus-94028 Common Names: www.mycustomdomain.com, mycustomdomain.com Trusted: True Type: SNI

Should I be referencing brachiosaurus-94028 anywhere?

When I actually try to visit www.mycustomdomain.com in my browser, the error it reads is NET::ERR_CERT_COMMON_NAME_INVALID , and in the details, it says the Subject is *.herokuapp.com Is that the issue? That it's pointing to herokuapp.com when it should be pointing to herokussl.com or something of that nature?

If you have any insight on why this isn't working please let me know.

Also, I just set all of this up about an hour ago. Does it take a day or two before it it working properly and the browser recognizes the SSL certificate? Am I jumping the gun on asking for help?

Answer 1

In my case, this error was encountered because my DNS record specified app-name.herokuapp.com as the target for the CNAME rather than the provided DNS target. Update your DNS record to point at the correct DNS target.

To get the correct DNS target, run heroku domains in cli and it will show something like:

=== app-name Custom Domains Domain Name DNS Record Type DNS Target
api.myapp.io CNAME powerful-tick-i29i319i39121321.herokudns.com

Answer 2

I contacted the heroku support, my problem was fixed.

1, set your CNAME correctly(I used the namecheap domains)

2, after that, check that the heroku DNS target is the same as the namecheap host value.

3, restart the ACM (ssl)

4, you need to wait for several minutes to check the website.

Answer 3

Heroku has a new ssl implementation: https://devcenter.heroku.com/articles/ssl

The asker appears to be using this new implementation. For this implementation, it's required to set the CNAME in your DNS Management as mycustomdomain.com.herokudns.com. You do not need to reference your certificate name, brachiosaurus-94028 in your case.

Answer 4

When you add the SSL addon to Heroku, it generates a new domain, and you should use it as your CNAME value, and it's not the original herokuapp.com anymore. The heroku certs command should give you the domain you should use, which ending is herokussl.com

In your case, you probably should set the value of your CNAME as brachiosaurus-94028.herokussl.com (you can test the endpoint on your browser to see if it works).

It should not take so much time for it to work also (when I do this it is always instantly)

For more information check Heroku docs