Can I use AWS Certificate Manager with Heroku SSL?

Question

Is it possible to AWS Certificate Manager with Heroku SSL to enable SSL for my Heroku app?

If so, how?

If not, how can I get a free SSL/TLS certificate? Should I just use Let's Encrypt?

Answer 1

Yes, you can with a small hack. Follow the steps:

1. Create a certificate from AWS Certificate Manager and approve it
2. Create a Cloudfront distribution with the Origin Domain Name as your heroku URL such as myapp.herokuapp.com and the custom SSL certificate as the one you created from the AWS Cert Manager
3. While creating the distribution, make sure that you have the TTL as 0, else all the responses will be cached
4. Assuming that you have the DNS managed by Route53 (if it's not - you have to), point the domain name to the Cloudfront Distribution by creating an A record

The drawback is that if you get too many hits on the website, your cloudfront billing might go up and one day you might consider paying $20/month to Heroku for the same!

Answer 2

You can't use the AWS Certificate Manager with Heroku. It looks like Heroku has their own free SSL service.

Edit: As mentioned in another answer you can place CloudFront in front of your Heroku application and use a fre AWS ACM certificate with that. However, that solution comes with added expense and probably isn't what you are looking for.

Instead of using CloudFront I would recommend CloudFlare which provides a completely free solution.