We already deployed our RoR app to Heroku in this post.
Let’s set up SSL with Heroku and our Rails application.
I’ve actually wasted several hours sorting out SSL manually, going and buying a new certificate, verifying domain etc. and when I got to the last step, I realized Heroku can do this out of the box for you for free! (provided you’re on at least hobby dyno).
So perhaps this will save someone some time – note these instructions are only
if you’re using Heroku.
If you go to Heroku guide on sorting ssl you will see what we’re going to be doing here.
The several steps are, execute this command:
heroku certs:auto:enable
This is almost it!
You may have a error, like I did, for having a wildcard in domain name
You can verify using
heroku domains
which will show that I originally setup domain with a wildcard like this: *.yazii.co.uk
I then execute
heroku domains:remove *.yazii.co.uk
heroku domains:add www.yazii.co.uk
then you can execute the command to generate ssl again:
heroku certs:auto:enable
You can then check the progress:
heroku certs:auto
=== Automatic Certificate Management is enabled on yazii
Domain Status Reason Last Updated
─────────────── ─────── ───────────────────────────────────────── ──────────────────
www.yazii.co.uk Failing Unable to resolve DNS for www.yazii.co.uk less than a minute
The reason this is failing is because I added a new domain, which has a different URL to previous one. So I just need to go to GoDaddy domain management and modify it there
First get the DNS target with heroku domains
Then insert it with your domain management tool, here’s example with GoDaddy.
After a short while, execute the command to check again:
heroku certs:auto
=== Automatic Certificate Management is enabled on yazii
Certificate details:
Common Name(s): www.yazii.co.uk
And things should be now working as expected!
Finally, you’ll need to make your app use this ssl, in Rails its very easy.
Find the production.rb
configuration file and enable force_ssl
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
config.force_ssl = true
commit and push that to your server.
Now if you visit your website, in my case yazii.co.uk you will find that it will be shown as secure!
And this was way easier than some of the manual methods involved. Kudos to Heroku for automating it.