If you have a client using GoDaddy, here's a quick tip for setting up a GoDaddy domain for Heroku.
heroku domains:add www.example.com
It's easy enough to go into GoDaddy's DNS manager, add a CNAME for
www, and point it at your Heroku domain,
example.herokuapp.com.
But Heroku doesn't support naked domains (example.com).
Some providers, like DNSimple, provide
an alias for a naked domain. The next best thing is a forwarder. After
setting up your CNAME record, exit out and find the link to turn
forwarding on. Then forward example.com to www.example.com (the default is
301 permanent, which is what you want). Now you're good to go!
I really love Heroku. The simplicity and beauty of how it all works
just makes me happy. However, unlike most of their
instructions/documentation, I recently ran into a bit of trouble when
setting up a custom domain SSL. Looking back on it, it wasn't all that
big of a deal, but here are a few details on what I had to do to get it
working.
First, know that you can always use Heroku's free SSL
with your-app.herokuapp.com, but if you want https://www.yourapp.com,
you have to pay the $20/mo fee and set up the SSL Endpoint
add-on.
Everything was Heroku smooth until I got to the upload certificate part.
Every time I tried to upload the certificate, I got an error. I've
set up a few servers using SSL and felt pretty confident that I was using
the right certificates/keys/etc. After a bit of trying and failing, and
googling, I remembered that in the last nginx server I set up for SSL I came
across documentation for root certificates:
if you have a chain of certificates — by having intermediate
certificates between the server certificate and the CA root certificate
— they're not specified separately like you would do for Apache. Instead
you'll need to concatenate all the certificates, starting with the
server certificate, and going deeper in the chain running through all
the intermediate certificates. This can be done with "cat chain.crt >>
mysite.com.crt" on the command line. Once this is done there's no
further use for all the intermediate certificates in what Nginx is
concerned. You'll indicate in the Nginx configuration the file with all
the (concatenated) certificates.
I decided to give it a try. I mostly use www.dnsimple.com for SSL certs ($20
bucks!) and they use RapidSSL. So I downloaded the rapidssl_bundle.pem
file and concatenated it to the bottom of the server cert. Then
heroku certs:add server.crt server.key worked just fine!
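A local check of the ordering described above, run before uploading anything; this is an added example, not part of the original post or of Heroku's tooling. It generates a throwaway root, intermediate and server certificate with openssl in place of the RapidSSL bundle, so the demo-* subjects, file names and function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. A throwaway root, intermediate
# and server certificate are generated so it runs offline; every name below
# is constructed and stands in for the real CA bundle and server cert.

make_demo_pki() {   # $1 = empty working directory
  ( cd "$1" || exit 1
    echo 'basicConstraints=critical,CA:TRUE' > ca.ext
    for n in root inter server; do
      openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
        -out "$n.csr" -subj "/CN=demo-$n" 2>/dev/null || exit 1
    done
    openssl x509 -req -in root.csr -signkey root.key -days 2 \
      -extfile ca.ext -out root.crt 2>/dev/null &&
    openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key \
      -CAcreateserial -days 2 -extfile ca.ext -out chain.crt 2>/dev/null &&
    openssl x509 -req -in server.csr -CA chain.crt -CAkey inter.key \
      -CAcreateserial -days 2 -out server.crt 2>/dev/null )
}

# openssl x509 reads only the first PEM block in a file, so this fails when
# an intermediate has been placed ahead of the server certificate.
key_matches_first_cert() {   # $1 = certificate file, $2 = private key
  c=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
  k=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
  [ "$c" = "$k" ]
}

# Verify the first certificate, using the same file as the pool of untrusted
# intermediates; only the root is supplied as trusted.
chain_complete() {   # $1 = certificate file, $2 = trusted root
  openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1
}

check_bundle() {   # $1 = certificate file, $2 = private key, $3 = trusted root
  key_matches_first_cert "$1" "$2" || { echo "first cert does not match key"; return 1; }
  chain_complete "$1" "$3" || { echo "chain incomplete"; return 1; }
  echo ok
}

d=$(mktemp -d) && make_demo_pki "$d" || exit 1
trap 'rm -rf "$d"' EXIT
cat "$d/server.crt" "$d/chain.crt" > "$d/bundle.crt"     # server cert first
cat "$d/chain.crt" "$d/server.crt" > "$d/reversed.crt"   # wrong order
for f in server bundle reversed; do
  echo "$f.crt: $(check_bundle "$d/$f.crt" "$d/server.key" "$d/root.crt")"
done
```

With real files, pass the concatenated server.crt, server.key and the CA's root certificate to check_bundle in place of the generated ones.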
The other area I'm still a bit confused about is the "Configure DNS"
section. You'll need to add (or change, if you already have one set up) your
CNAME record to point to the new SSL endpoint add-on that Heroku creates
when you successfully add your keys. What's not clear is, if you still
want to serve regular http traffic to certain parts of the app, does it
still work? The app I did this on uses https all the time, so it
wasn't an issue, but I'm curious about the non-https and how it works.
Update: Matthew Manning @ Heroku was kind enough to read my article and
answered my question.
"Yes. A SSL endpoint can be used with both secure (https) and insecure
(http) traffic." Thanks!
NOTE: It's been a few weeks since I ran into this trouble and now that
I'm writing the blog article I wanted to try and recreate the error. My
app still isn't live, and so as to avoid the $20 charge on another app,
I just removed the keys and was going to try and re-upload the cert
only. It actually worked this time without the pem (no error). I'm not
sure if this is because Heroku still had something in cache or what.
However, even though it worked, when I previewed my certs heroku
certs I got: