Privacy error Your connection is not private
is displayed (with using Chrome) when I try to access the url which I registered as CNAME
.
I developed Rails app, and this is the first time to use Heroku.
Although the error isn't displayed when I use the original url such as https://floating-fortress-99999.herokuapp.com/
, the error is displayed when I use www.my_app.com
which I get.
All of the error messages on the browser are as followings;
Your connection is not private
Attackers might be trying to steal your information from www.my_app.com (for example, passwords, messages, or credit cards).
NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is www.my_app.com; its security certificate is from *.herokuapp.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
I can display www.my_app.com
when I click the link Proceed to www.my_app.com (unsafe)
on the browser.
Is it possible to avoid displaying 'Privacy error' ?
It would be appreciated if you could give me how to avoid this error.
react-boilerplate can enforce https(redirect http to https) on heroku deployed apps(that has extra layer like cloudflare). var sslRedirect = require('heroku-ssl-redirect');const app = express();app. use(sslRedirect()); Now you get all connection to be on https.
The Heroku router only supports HTTP/1.0 and HTTP/1.1 clients.
It is worth saying that you need to purchase the SSL Endpoint for your application at Heroku, which costs $20/month. Also, you can have a free certificate installed using the Heroku SSL option. For this to be done, please use the following command: heroku certs:add example. crt example.
Updated Answer in 2020
Heroku now has Automated Certificate Management for all tiers above the free tier that allows for a ridiculously easy setup to have https working for your website.
To set this up:
heroku certs:auto:enable -a yourappname
heroku domains
. You should get a list of your custom domains and a list of the their DNS targets. After running the commands above the DNS targets you get should end in .herokudns.com
instead of .herokuapp.com
..herokudns.com
app instead of the generic .herokuapp.com
You might of course have to wait some time after finishing those steps for the DNS change to take effect. But now you have everything set up alright! Ta Da, you have DNS working for you!
For more info on any of those steps check heroku's article here
You get "Your connection is not private" error while loading your Heroku application through a new domain name because the existing SSL certificate is not valid for it.
As you can see from the error message:
This server could not prove that it is www.my_app.com; its security certificate is from *.herokuapp.com.
It is only valid for *.herokuapp.com domain name, in this case, it can be your-app-name.herokuapp.com. When you create a new CNAME and use that domain name instead of your-app-name.herokuapp.com, the exisiting SSL certificate can't validate it and displays this error to you.
To bypass this SSL error temporarily, you can enter chrome://flags into Google Chrome address bar to access advanced settings, locate "Allow invalid certificates for resources loaded from localhost" and enable this. By doing so, you can turn off this waring temporarily on your browser (only).
The solution to resolve this issue permanently is to get a new SSL for your domain. You can use the SSL Endpoint add-on from Heroku to use a private SSL with your domain name. This add-on charges you $20 per month. For more details of this add-on, read it from here or here.
Another option is to use Heroku SSL, a free feature that Heroku is currently offering. It seems they want to replace SSL Endpoint by this one. To find out how to install SSL for your domain name with Heroku SSL, read this article from NameCheap.com.
Source: Fix Your Connection Is Not Private Error In Your Browser
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With