How to use HTTPS on my customdomain on Heroku?

Question

I'm using Ruby on Rails and AngularJs in my app. I deployed to https://myapp.heroku.com and everything works fine.

Now I bought a custom domain at GoDaddy.com and I set it up with Heroku to redirect to my app. Works fine. The problem is, instead of using HTTPS is using HTTP.

What are the steps to change this? I looked a few tutorials but they seem old and not updated.

According to Heroku the SSL certificate is automatically managed. Do I need to buy a certificate at GoDaddy.com?

Answer 1

When it comes to SSL these days, do not run out and purchase one. It can be a waste of your money if you have the skills to set up auto-renewal with Let's Encrypt.

I would recommend checking out SSL Endpoint and Automated Certificate Management from Heroku on setting up and automating the SSL process. There's a lot of information in there and will help keep your costs down.

If this is a bit complicated or you would prefer another plan of attack, you can also use the Let's Encrypt Plugin for Ruby on Rails

Also, don't forget to turn config.force_ssl = true on in your config/environments/production.rb file. This way, Rails will redirect all HTTP traffic to HTTPS. If you would prefer the browser to do the redirects instead of the server, you can have Rails, since you're on Heroku and not a customer Nginx server, respond with a Strict-Transport-Security header; added link so you know how to configure this guy appropriately in regards to your application.

Answer 2

Yes, you'll need to get SSL certs from godaddy or some other providers. Then

1. go to your app settings in heroku
2. Look under "Domains and certificates" section
3. Configure SSL button.

Now just follow the steps and you'll be done.

Answer 3

Yes, most web hosting companies require you to purchase an ssl certificate. In the case of GoDaddy.com, check out their ssl certificate page.