I'm trying to setup SSL certs with heroku and godaddy. I've successfully created a cert with LetsEncrypt, and have received this message
Your certificate has been added successfully. Update your application's DNS settings as follows
Domain Record Type DNS Target
─────────────────────── ─────────── ─────────────────────────────────────
secure.lockdownjobs.com CNAME secure.lockdownjobs.com.herokudns.com
www.lockdownjobs.com CNAME www.lockdownjobs.com.herokudns.com
The part I'm struggling with is DNS Target how in godaddy do I point the domain at the DNS target?
Just add the CNAME in Godaddy. Go to your domain, click on DNS File settings and add a new CNAME:
CNAME
www
Target
secure.lockdownjobs.com.herokudns.com
I recommend you read about how to add SSL certificate to Heroku:
https://devcenter.heroku.com/articles/ssl-endpoint#setting-up-ssl-on-heroku
And also the much easier way of doing it (Let Heroku do it):
https://devcenter.heroku.com/articles/automated-certificate-management
Related
I am trying to setup my own domain with an SSL certificate but I just can't get it right. Do I have to put as a DNS the app URL or the DNS generated when I add my domain? I am using GoDaddy and I have seen a lot tutorials saying some of them that you have to use the *.herokuapp.com DNS and other say that the DNS generated in Heroku.
Also, when I look for my app in Google it says that the certificate is not valid for *.herokuapp.com but the one I uploaded was for my personal domain!
At last, sometimes I get the error NET::ERR_CERT_COMMON_NAME_INVALID, can someone help me please?
Automatic Certificate Management (ACM)
The simplest solution doesn't even require you to buy an SSL certificate, but you do need a paid dyno on Heroku. The $7 hobby tier works fine.
Add the custom domain to your app's domains using the CLI or web interface:
heroku domains:add www.custom-domain.com
Run heroku domains to see what your Heroku DNS target is (this is probably your-app.herokudns.com—note that this is not a .herokuapp.com domain)
Add a CNAME record in your DNS registrar pointing to your DNS target
Enable ACM by running
heroku certs:auto:enable
Wait for your certificate to be generated and enabled
It takes approximately 45 - 60 minutes to fully generate a TLS certificate for custom domains on your application. You can view the status of the certificate that is generated for all of your custom domains by running:
heroku certs:auto
If your status says “DNS Verified”, the process is not finished yet. It means we have verified your domain status and are still in the process of submitting it to Let’s Encrypt. The process will be complete when it says “OK”.
Congratulations! Your site should now have ACM enabled.
ACM is powered by Let's Encrypt, a fantastic free service for adding HTTPS to the web.
Custom certificates
It is also possible to set up HTTPS on Heroku using a custom TLS certificate. But ACM is much easier, and that's what I recommend using.
So here is my issue. I have a Rails 5 Application that is being deployed to AWS using Elastic Beanstalk. I purchased the domain name (eightysixpad.me) from Bluehost.com and updated the DNS records to point to the IP address of the EC2 instance that was created.
I used AWS's Certificate Manager to create an SSL certificate for the domain eightysixpad.me and www.eightysixpad.me. I have verified both of them through email. I created a Load Balancer under the Elastic Beanstalk environment and applied the SSL certificate to it. The AWS Certificate Manager console says the SSL certificate is in use; however, when I go to https://eightysixpad.me, it says Site Cannot be reached. http://eightysixpad.me works fine but says it is unsecure.
I am not sure what I am doing wrong! Any help would be greatly appreciate and I would be more than happy to provide more information if necessary!
Thank you all in advance!
Update the DNS entry to a CNAME and make it point to the DNS endpoint of the ELB , to which you have added the EC2 instance(s).
For example create new CNAME entry to ELB Dns endpoint "name-of-elb-unique-.ap-southeast-1.elb.amazonaws.com"
ELBs in AWS do not have an IP address (always dns names) as IP address keep changing
I have a domain, example.com. It's running on hobby dynos in Heroku, so I figured I would enable Heroku Automated Certificate Management. I've set up Heroku like so:
=== example Custom Domains
Domain Name DNS Target
─────────────── ─────────────────────────────
example.com example.com.herokudns.com
www.example.com www.example.com.herokudns.com
My DNS settings are:
CNAME Record www example.com.herokudns.com.
URL Redirect Record # https://www.example.com Unmasked
However, neither the apex domain (example.com) or the www domain (www.example.com) work when I access the domain.
Help would be greatly appreciated.
I currently have a Let's Encrypt certificate up and running on my root domain, https://www.myapp.com, which is working and serving a Heroku-based Rails app. The domain has a CNAME www to www.myapp.com.herokudns.com.
The site also has a Wordpress install running on www.myapp.com/blog, which forwards to blog.myapp.com using a reverse-proxy described here. The domain has an A record blog pointing at the IP address of the host, a shared hosting server.
I used certbot and have already confirmed the certificate via the ACME challenge. The cert includes both the root and subdomain.
Now I am at a loss as to how to get the subdomain to use the certificate. A visit to https://blog.myapp.com shows the "Your connection is not private" warning in Chrome.
What steps are necessary to get the subdomain cert working? I'm not sure I understand all the moving parts here and where to start. Thanks!
Edit for clarity:
Domain registrar: GoDaddy
Root domain: Heroku Rails app
Subdomain: Wordpress on HostGator
I have a heroku app that should be reachable via http://www.gewerbeverzeichnis-rj.ch
http://www.gewerbeverzeichnis-rj.ch should always be forwarded to the www subdomain.
I have a GeoTrust QuickSSL-Cert for http://www.gewerbeverzeichnis-rj.ch already on heroku.
These are my cert settings:
$ heroku certs:info
Fetching SSL Endpoint toyama-4181.herokussl.com info for gwvz... done
Certificate details:
Common Name(s): gewerbeverzeichnis-rj.ch
www.gewerbeverzeichnis-rj.ch
Expires At: 2015-01-30 12:33 UTC
Issuer: /serialNumber=RnbwGOxjP0RwwLrQg3bvLgnO151VL0E9/OU=GT63736657/OU=See www.geotrust.com/resources/cps (c)14/OU=Domain Control Validated - QuickSSL(R) Premium/CN=www.gewerbeverzeichnis-rj.ch
Starts At: 2014-01-28 07:26 UTC
Subject: /serialNumber=RnbwGOxjP0RwwLrQg3bvLgnO151VL0E9/OU=GT63736657/OU=See www.geotrust.com/resources/cps (c)14/OU=Domain Control Validated - QuickSSL(R) Premium/CN=www.gewerbeverzeichnis-rj.ch
SSL certificate is verified by a root authority.
And here are my DNS settings on Zerigo DNS:
Screenshot on Dropbox
2 questions:
Why is my root domain not forwarded to the www subdomain?
Why is the certificate test on https://ssltools.geotrust.com/checker/views/certCheck.jsp failing?
Any help much appreciated, been stuck here for a while!
Your CNAME entry should be to the SSL endpoint NOT to your Heroku application.
www.gewerbeverzeichnis-rj.ch CNAME toyama-4181.herokussl.com
That will stop the SSL error message rather than trying to use the wildcard *.herokuapp.com certificate that it is using when you CNAME to .herokuapp.com
This particular setup step is at https://devcenter.heroku.com/articles/ssl-endpoint#dns-and-domain-configuration
The site seems to be loading a certificate issued by digicert to *.herokuapp.com which means that your heroku app is not correctly configured to use the certificate you have uploaded.