Certificate Installation : Heroku
SSL Installation Heroku
All we need to have is the certificate and private key for SSL installation.
SSL configuration on Heroku depends slightly on where you are deploying your application.
Create the addon
It is required only if you app in common Runtime. Else you can skip this step.
$ heroku addons:create ssl:endpoint
Adding Certificate, Intermediate and Private key
We need to combine the certificate and the bundle to a single .crt file.
Add your certificate, any intermediate certificates, and private key to the endpoint with the
Heroku automatically strips out unnecessary parts of the certificate chain as part of the
$ heroku certs:add server.crt server.key
Adding SSL Endpoint to example... done
The endpoint URL assigned to your app will be listed in the output,
For apps in the Common Runtime, the endpoint domain name will vary depending on region. The US region will have a name in the form of
To Verify the Configuration
$ heroku certs
For obtaining detailed information about Certificate use
$ heroku certs:info
DNS and Domain Configuration
Once the SSL endpoint is provisioned and your certificate is confirmed, you must route requests for your secure domain through the endpoint URL. Unless you’ve already done so, add the domain specified when generating the CSR to your app with.
$ heroku domains:add www.domain.com
Added www.example.com to example... done
To do an installation check
Use a command line utility like
Also you can use our SSLanalyser to verify the certificate installation.
You can update a certificate using the
$ heroku certs:update server.crt server.key
Updating SSL Endpoint endpoint example-2121.herokussl.com for example... done
If, for some reason, the new certificate is not working properly and traffic to your app is being disrupted, you can roll back to the previous certificate:
$ heroku certs:rollback
Rolling back SSL Endpoint endpoint tokoy-2121.herokussl.com on example... done
You can remove a certificate using the
$ heroku certs:remove
Removing SSL Endpoint endpoint example-2121.herokussl.com on example... done
Removing a certificate will remove the SSL endpoint so any domain names pointing to it will stop working.