Reputation: 3512
Heroku Naked SSL Custom Domain
I'm trying to find a current, up to date answer for setting up naked domain with Godaddy and Heroku SSL. My goal is for all pages to land on a secure page at https://www.example.com
https://www.example.com does go to a secure page.
example.com goes to an insecure page.
https://example.com does not work.
My current set up is as follows:
In heroku settings:
Domain Name | DNS Target
example.com | example.com.herokudns.com
www.example.com | www.my-domain.herokudns.com
Go Daddy Settings:
CNAME | www | www.example.com.herokudns.com
Forwarding settings:
Forward to: https:// | www.example.com
Upvotes: 1
Views: 1383
Answers (4)
Reputation: 334
Root domains on Heroku require the use of ALIAS ANAME or FLATTENING records.
Unfortunately, a number of popular DNS hosts such as GoDaddy, Bluehost, Google Domains, OVH, Hostinger and others do not support these types of records. Many of these Providers will tell you there is no such thing as ALIAS, ANAME or FLATTENING Records and many of these providers will tell you to set an A Record instead, however;
- A Records do not work with Heroku for routing
- A Records require static IP Addresses and static IP Addresses do not work with Heroku for routing, because Heroku (and many other cloud platforms) use dynamic IP's.
Instead, you can either:
- Not use a naked domain and just use your www sub domain
- Redirect/ Forward your HTTP root domain to your www sub domain. This won't work for your HTTPS root domain though
- Use an Alternate DNS Provider. Heroku recommends the following: https://help.heroku.com/NH44MODG/my-root-domain-isn-t-working-what-s-wrong
Upvotes: 3
Reputation: 780
Yeah, it's a pretty stupid issue that some of the big DNS manager providers out there still have. The way to solve it is to have a server with an SSL certificate installed, and then point your naked domain to that static IP. The server then will redirect to the "www" version of your domain, which is now served under SSL by Heroku. Tedious.
If you don't want to do all that, just use https://www.nakedssl.com, which does exactly that – but automated (and for free for one domain).
Disclaimer: I'm part of the team that created NakedSSL, but I hope you take this as help and not as self-promotion. As explained above, the problem is as easy as tedious to solve, and I think NakedSSL is a pretty straight forward workaround.
Upvotes: 2
Reputation: 146
I believe naked subdomain or wildcards are not supported by heroku automated certs because of the let's encryption restrictions. So you need to set up a subdomain everytime you want to use Heroku's automatic certs.
ALSO VERY IMPORTANT! Don't forget to remove or edit any unsercured links to external assets. Otherwise browsers will jugde the page with those links unsecured as described in the Modzilla support page about mixed content.
Upvotes: 0
Reputation: 3512
Solved it.
Best way to get SSL set up is to use this package which automatically makes every page on your app SSL. Fantastic package. https://www.npmjs.com/package/force-ssl-heroku
Getting the naked domain set up with Godaddy easily: Set forwarding to your domain: https://www.my-domain.com. This will redirect non www to the correct place. :)
Upvotes: 1
Related Questions
- Custom domain which heroku forwarded to in not secure node.js
- Connection not secure with heroku custom domain?
- configuring heroku hobby dyno with a namecheap domain at root level
- Heroku naked domains with DNS & SSL
- SSL in Heroku with a custom domain
- Subdomain setup for Heroku
- HTTPS + SSL on Heroku - Node + Express
- ssl on custom domain for heroku app
- Point subdomain to heroku app
- Heroku piggyback SSL with node and express - any config needed?