Heroku hosted RoR site with CloudFlare ssl not working - ruby-on-rails

I am in desperate need of help! I have a Ruby on Rails site hosted on Heroku. The site works fine with the heroku app address. I am trying to get my custom url working, with ssl. My url is registered with GoDaddy and I created a CloudFlare account for ssl without having to pay the $20/mo that Heroku charges.
I have the domain names added in heroku. I created the cname and cname flattening in the CloudFlare DNS and changed the nameservers from godaddy. I have a full ssl certificate, which CloudFlare displays as active. However, when I try to access the website, I get the following error:
SSL Connection Error: Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
I have gone through the faq on CloudFlare without success. Can anyone help me out on what I may be doing wrong?
Thanks!
==================================================
SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS alert, Server hello (2):
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
Closing connection 0
curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

A bit late but this worked for me:
Step 1
Make a Cloudflare account, and add the bought domain to cloudflare and
transfer the DNS settings.
Step 2
Add your domain to your heroku panel. On the heroku site, log in, go
to 'settings' press 'add custom domain'
- Add both your domain 'www.example.com' and your root domain 'example.com'
Step 3
If you haven't changed your nameservers on your initial domain
provider to point to the cloudflare nameservers, please do so now. You
can find the cloudflare nameservers which are assigned to you on your
cloudflare panel under 'DNS' -> 'cloudflare name servers'
Step 4
Go to 'DNS' on your cloudflare account and remove all records (A,
CNAME, ALIAS,TXT etc..).
Now add a CNAME record. The name should be your site 'www.example.com' (with www) and it should point to your heroku app example-example.herokuapp.com
Step 5
Create a Google Business account. And follow along with the
verification steps given by Google.
Step 6
Log in at admin.google.com and go to 'domains'. If you can't see
'domains' click on 'more elements'. Now click on 'change redirect' and
make your root domain 'example.com' redirect to 'www.example.com'.
Step 7
Go to your cloudflare panel and go to 'DNS', now add 4 'A' Records.
- All 4 of the 'A' records should have the name of your root domain 'example.com' and they should point to 216.239.32.21,
216.239.34.21, 216.239.36.21, 216.239.38.21, which are the ip
addresses given by Google to make the redirects work.
Side note
On cloudflare, the 'A' record statuses need to be set to 'DNS Only'
and the 'CNAME' record statuses to 'DNS and HTTP proxy(CDN)'
Step 8
On your rails app go to production.rb and make sure
config.action_mailer.default_url_options = { host:
'https://example-example.herokuapp.com' } is set to
config.action_mailer.default_url_options = { host:
'example-example.herokuapp.com' } so simply remove the 'https://'.
And also config.force_ssl should be false
After you have done that make sure you upload the result to heroku.
Step 9
At cloudflare go to 'crypto' and make sure SSL is set to 'Flexible',
if not please change it now, it might take a few moments before the changes are completed by cloudflare.
CONGRATULATIONS !!!!!!!!!!!!!
At this point your site should be up and running and working for both
your root domain as well as for your full domain.
EXTRA
ONLY IF YOU WANT BUSINESS EMAILS BY GMAIL (eg. info@example.com)
On cloudflare go to 'DNS' and add 5 'MX' Records.
example.com(your root domain) - point to aspmx.l.google.com with priority 1
example.com(your root domain) - point to alt1.aspmx.l.google.com with priority 5
example.com(your root domain) - point to alt2.aspmx.l.google.com with priority 5
example.com(your root domain) - point to alt3.aspmx.l.google.com with priority 10
example.com(your root domain) - point to alt4.aspmx.l.google.com with priority 10
Note: The TTL should be set to '1 hour' for all 'MX' records.
Now go out there and be the best version of yourself!!

Related

Getting SSL error after downgrading to free dyno on Heroku

I recently downgraded one of my Heroku apps to a free dyno - as a result, the SSL was revoked (cos I was using the SSL provided with a paid dyno). Now, when I visit my site URL, it gives me this error: ERR_SSL_PROTOCOL_ERROR
I've edited my production.rb file to set: config.force_ssl = false and published that code, but it still redirects my site to https when I try to connect on http.
Now, to complicate things:
This only applies to my custom domain - the .herokuapp.com domain works fine
It works fine on incognito mode on both the custom domain and the herokuapp.com domain
I've tried clearing the cookies and cache (for the last 7 days) and it still didn't work :/
Any ideas what I can do?
Edit:
In case it helps, I am using Chrome on Windows 10
Given that you are using Chrome, according to this answer, you need to follow these steps to stop Chrome from redirecting http:// to https://.
Anon is right about STS, but there is a way to specifically delete your domain from the set. Go to chrome://net-internals/#hsts. Enter 3rdrevolution.com under Delete domain security policies and press the Delete button.
Now go to chrome://settings/clearBrowserData, tick the box Cached images and files and click the button Clear data.

CloudFlare SSL + Heroku custom domain not working

It's been more than 48 hours since I updated my CloudFlare DNS setting to point to my Heroku app. The custom domain works fine now without https://.
But when I try the https:// version, I get this:
This is my Heroku custom domain setting:
This is my CloudFlare DNS setting:
This is my CloudFlare SSL setting:
And lastly, this is my CloudFlare page rules setting:
I followed this CloudFlare guide and did not skip any step of it.
What am I missing here?
My app (http): http://beta.futurelab.my/
My app (https): https://beta.futurelab.my/
My Heroku app: http://future-lab-production.herokuapp.com OR https://future-lab-production.herokuapp.com
I want my app only available at https://beta.futurelab.my/ and force SSL sitewide.
Please help.
Seems like you added the CNAME record to Cloudflare but did not enable it. You need to click on the cloud icon placed on the right of your Cloudflare DNS record row. It should turn orange when it is enabled.
Hope it helps.

Custom domain not working correctly on heroku rails app

I have a domain on godaddy and I want to put it in action on my heroku application. I followed this video and it worked correctly, but the problem is that I can only access my website at www.example.com, and when I call for example.com it takes me to a godaddy page saying:
"You've registered your domain. Now put it to work."
and when I tried https://example.com or http://example.com I got an error.
Any help?
By default example.com is an independent domain from www.example.com.
What you need to do is set up a static redirect or domain forwarding from example.com to www.example.com.
You should be able to do this in your GoDaddy's administration panel. Here's a tutorial.

Heroku SSL sometimes works, sometimes doesn't work

I configured my Heroku app with SSL Endpoint from Heroku and bought the certificate from DNSimple. When I browse to my site, sometimes it shows up with the green https:// (on chrome) and other times (like when I click the home button for some reason) the https:// turns red and gets crossed out and the certificate goes back to Heroku's default one instead of the one I purchased. If then you click the lock (to see the SSL) it'll say Identity not verified. How come sometimes it works and sometimes it doesnt??
A few things I have configured
my application.rb says
config.force_ssl = false
but in my production environment I set that to true
config.force_ssl = true
Looking on Firefox in the technical details i get a
(Error code: ssl_error_bad_cert_domain)
Check your DNS configuration. It may be that, for some reason, the domain is pointing to the Heroku standard app endpoint and not the Heroku SSL endpoint.
If this is happening randomly, make sure you don't have two DNS records associated to the same hostname. In fact, if you created two CNAMEs, one pointing to the SSL endpoint and one to the standard endpoint, your request will be randomly routed to one of those hostnames.
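The check suggested in the answer above can be run over an exported record list. This is an added example, not code from the thread; the zone lines and the endpoint names (ssl-endpoint.example.net, standard-endpoint.example.net) are constructed placeholders.

```ruby
# Constructed sample: zone-file style lines (name, TTL, class, type, target).
SAMPLE_ZONE = <<~ZONE
  ; constructed records for illustration only
  www.example.com.    300 IN CNAME ssl-endpoint.example.net.
  www.example.com.    300 IN CNAME standard-endpoint.example.net.
  app.example.com.    300 IN CNAME ssl-endpoint.example.net.
  order.example.com.  300 IN CNAME ssl-endpoint.example.net.
  order.example.com.  300 IN A     192.0.2.10
  example.com.        300 IN A     192.0.2.10
  example.com.        300 IN A     192.0.2.11
ZONE

# Turn each non-comment line into { name:, type:, target: } with names normalised.
def parse_records(text)
  text.each_line.filter_map do |line|
    line = line.sub(/;.*/, "").strip
    next if line.empty?
    name, _ttl, _klass, type, target = line.split(/\s+/, 5)
    { name: name.downcase.chomp("."), type: type.upcase,
      target: target.downcase.chomp(".") }
  end
end

# Flag hostnames whose answers can differ between lookups:
# more than one CNAME target, or a CNAME sitting next to other record types.
def conflicting_hostnames(records)
  records.group_by { |r| r[:name] }.each_with_object({}) do |(name, rrs), out|
    cnames = rrs.select { |r| r[:type] == "CNAME" }.map { |r| r[:target] }.uniq
    others = rrs.reject { |r| r[:type] == "CNAME" }
    if cnames.size > 1
      out[name] = "multiple CNAME targets: #{cnames.join(', ')}"
    elsif cnames.size == 1 && others.any?
      out[name] = "CNAME mixed with #{others.map { |r| r[:type] }.uniq.join('/')} records"
    end
  end
end

conflicting_hostnames(parse_records(SAMPLE_ZONE)).each do |host, why|
  puts "#{host}: #{why}"
end
```

Several A records on the root domain are not flagged, since that is ordinary round-robin to equivalent addresses; only hostnames that can resolve to different endpoints are reported.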

heroku multiple subdomains with ssl possible?

I have this app on heroku. The main part of it is called app.example.com, for which I have custom domains on heroku, and I added endpoint ssl to it. It's all working. By the way, the original www.example.com is very old, and it is hosted somewhere else, not on Heroku.
On heroku, I just
heroku domains:add app.example.com
Now, we have an order form for users to order stuff before they get to use the app, and the client wants to have its url as order.example.com instead of app.example.com/order. I looked up routing constraints in Rails from RailsCasts to handle this subdomain redirect, so all's good. Then I added it to heroku's custom domains
heroku domains:add order.example.com
Then I changed the CNAME on the original host of www.example.com to have it point order.example.com to myapps.herokuapps.com (or something). And now accessing order.example.com does bring me to the order form! Just that the https part is showing the usual non-verified cert warning.
So I went ahead and got myself another godaddy certificate, but now when I try to add the certificate to heroku (I have done this once before for app.example.com's https)
heroku certs:add ~/ssl/combined.crt ~/ssl/nopass.key
Adding SSL endpoint to order-dev... failed
! only one SSL endpoint allowed per app (try certs:update instead)
So it seems like I can't actually have more than one SSL certificate per app, does that mean I can actually use what I have for certificate for app.example.com for order.example.com also? If so, what do I have to configure? Or am I doing this all wrong, if so, what should I have done instead?
Thank you for helping out here!
You should buy a wildcard certificate for *.example.com as opposed to multiple certs.
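Which hostnames a *.example.com certificate actually covers can be checked with Ruby's own hostname verification. This is an added example, not code from the thread; the certificates are throwaway self-signed ones constructed here, and beta.app.example.com is a hypothetical nested name.

```ruby
require "openssl"

# Build a throwaway self-signed certificate carrying the given DNS SANs.
# Constructed for this example: only the names matter, not the trust chain.
def constructed_cert(dns_names)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.new([["CN", "constructed-test-cert"]])
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  san = dns_names.map { |n| "DNS:#{n}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san, false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Returns { hostname => true/false } using the name check that
# Ruby's TLS client applies after the chain has been validated.
def coverage(cert, hostnames)
  hostnames.to_h { |h| [h, OpenSSL::SSL.verify_certificate_identity(cert, h)] }
end

HOSTS = %w[app.example.com order.example.com example.com beta.app.example.com].freeze

# A wildcard alone matches exactly one left-most label.
WILDCARD_ONLY = coverage(constructed_cert(["*.example.com"]), HOSTS)
# Listing the root domain as a second SAN covers it as well.
WILDCARD_APEX = coverage(constructed_cert(["*.example.com", "example.com"]), HOSTS)

WILDCARD_ONLY.each do |host, ok|
  puts format("%-22s %s", host, ok ? "covered" : "NOT covered")
end
```

The wildcard covers app.example.com and order.example.com, but not the root domain or names more than one label deep, so those need their own SAN entries.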
