Certificate Installation : Heroku
Posted by Comodo Technical Support - Gurubaran, Last modified by Nicole Wayland on July 06 2016 14:47

SSL Installation Heroku

All we need to have is the certificate and private key for SSL installation.

SSL configuration on Heroku depends slightly on where you are deploying your application.


Create the addon

It is required only if you app in common Runtime. Else you can skip this step.

$ heroku addons:create ssl:endpoint


Adding Certificate, Intermediate and Private key

We need to combine the certificate and the bundle to a single .crt file.

cat domain_com.crt domain_com.ca-bundle > server.crt

Add your certificate, any intermediate certificates, and private key to the endpoint with the certs:add command.

Heroku automatically strips out unnecessary parts of the certificate chain as part of the certs:add command. In some scenarios, this may not be desired.

$ heroku certs:add server.crt server.key
Adding SSL Endpoint to example... done

The endpoint URL assigned to your app will be listed in the output, example-2121.herokussl.com in this example. Visiting this URL will result in a “no such app” message – this is expected. Read further for proper verification steps.

For apps in the Common Runtime, the endpoint domain name will vary depending on region. The US region will have a name in the form of example-2121.herokussl.com. Apps in the EU region will have the same domain name as your app’s herokuapp domain, e.g. my-app-name.herokuapp.com. Apps in Private Spaces will have a name in the form of some-name.some-other-name.herokuspace.com In all cases, the output of the certs:add command will accurately reflect this.


To Verify the Configuration

$ heroku certs

For obtaining detailed information about Certificate use certs:info

$ heroku certs:info


DNS and Domain Configuration


Once the SSL endpoint is provisioned and your certificate is confirmed, you must route requests for your secure domain through the endpoint URL. Unless you’ve already done so, add the domain specified when generating the CSR to your app with.

 $ heroku domains:add www.domain.com

 Added www.example.com to example... done


To do an installation check

Use a command line utility like curl to test that everything is configured correctly for your secure domain.

 curl -kvI https://www.domain.com

Also you can use our SSLanalyser to verify the certificate installation.



Update Certificate

 You can update a certificate using the certs:update command with the new certificate and the new or an existing private key:

 $ heroku certs:update server.crt server.key
  Updating SSL Endpoint endpoint example-2121.herokussl.com for example... done


If, for some reason, the new certificate is not working properly and traffic to your app is being disrupted, you can roll back to the previous certificate:

$ heroku certs:rollback
Rolling back SSL Endpoint endpoint tokoy-2121.herokussl.com on example... done

Remove Certificate

You can remove a certificate using the certs:remove command:

 $ heroku certs:remove
 Removing SSL Endpoint endpoint example-2121.herokussl.com on example... done

Removing a certificate will remove the SSL endpoint so any domain names pointing to it will stop working.

(1 vote(s))
Not helpful

Comments (0)