If you google for Heroku SSL you will find a surprisingly long list of blog posts usually with many steps.
However, it is actually much easier than what most of them list, especially if you are using DNSimple (note: affiliate link).
Here is how to setup a Hostname Based certificate on Heroku:
Note: For wildcard certificates check out Ryan McGeary’s blog post.
- Head over to DNSimple and buy a certificate.
- After you click purchase, DNSimple will give you a private key. Download and save this to a file called private.key.
- After jumping through a couple hoops with RapidSSL you will receive an email with 2 certificates. Save the first (web server certificate) as web.crt and the second (intermediate) as chain.crt.
- You will now need to combine these two files. cat web.crt chain.crt > domain.pem did the trick for me with ONE major exceptions. There needs to be a line break between END CERTIFICATE and BEGIN CERTIFICATE (web and chain). This could be a copy and paste issue on my part, but they were not separated and caused an issue.
- Now you can add them to Heroku with: heroku ssl:add domain.pem private.key
- Next enable the cert on Heroku: heroku addons:add ssl:hostname
- Finally, in a minute or two you will receive an email with CNAME you need add to your DNS settings.
The file names private.key, web.crt, chain.crt, and domain.pem should be named something more appropriate for your domain. The exact names have no meaning.