Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Heroku SSL added but visiting domain still says connection is not private

I use Heroku for deploying my app and I used GoDaddy to purchase my custom domain name and I purchased my SSL certificate from them.

Let's call my heroku hosted version of my application example-101.herokuapp.com And let's call my custom domain I own mycustomdomain.com

I was trying to set up my GoDaddy purchased SSL certificate through heroku, and followed all of the steps here through step 7: http://www.joshwright.com/tips/setup-a-godaddy-ssl-certificate-on-heroku

Everything appears to be set up well. When I look in my Heroku GUI, at my settings for example-101.herokuapp.com, under 'Custom Domains' it lists www.mycustomdomain.com and mycustomdomain.com, each with DNS target mycustomdomain.com.herokudns.com and www.mycustomdomain.com.herokudns.com respectively.

When I run in the terminal:

curl -kvI https://www.mycustomdomain.com 

the output says it "Connected", it "successfully set certificate verify locations", and after all the handshakes it says "SSL certificate verify ok."

Now, here is where I'm afraid my problem may be.

In GoDaddy, under my DNS Management for mycustomdomain.com, I followed heroku instructions by creating a new record as follows: Type: CNAME Name: www Value: example-101.herokuapp.com TTL: 1 hour

But this was based on documentation that doesn't take into regard adding an SSL certificate.

When I run

heroku certs 

it gives me the following: Name: brachiosaurus-94028 Common Names: www.mycustomdomain.com, mycustomdomain.com Trusted: True Type: SNI

Should I be referencing brachiosaurus-94028 anywhere?

When I actually try to visit www.mycustomdomain.com in my browser, the error it reads is NET::ERR_CERT_COMMON_NAME_INVALID , and in the details, it says the Subject is *.herokuapp.com Is that the issue? That it's pointing to herokuapp.com when it should be pointing to herokussl.com or something of that nature?

If you have any insight on why this isn't working please let me know.

Also, I just set all of this up about an hour ago. Does it take a day or two before it it working properly and the browser recognizes the SSL certificate? Am I jumping the gun on asking for help?

like image 803
Parker Avatar asked Oct 08 '16 14:10

Parker


People also ask

How do I enable SSL on Heroku?

Just navigate to Domains and certificates >> click Configure SSL >> select Remove >> click Continue >> enter the name of your app and click Remove SSL. To remove the certificate using the command line, simply run the command heroku certs:remove and enter the app name for confirmation.

How do I force https on Heroku app?

react-boilerplate can enforce https(redirect http to https) on heroku deployed apps(that has extra layer like cloudflare). var sslRedirect = require('heroku-ssl-redirect');const app = express();app. use(sslRedirect()); Now you get all connection to be on https.

How do I connect my Heroku to my domain?

Summary of stepsAdd the custom domain to your app with the heroku domains:add command. Look up the Heroku-supplied DNS target for the custom domain using the heroku domains command. Configure your app's DNS provider to point to the Heroku-supplied DNS target. Confirm that your app is accessible via the custom domain.

Does Heroku use http or https?

https is handled at a heroku routing layer and it passes along the request to the node app on http).


2 Answers

I contacted the heroku support, my problem was fixed.

1, set your CNAME correctly(I used the namecheap domains) namecheap screenshot

2, after that, check that the heroku DNS target is the same as the namecheap host value.

heroku screenshot

3, restart the ACM (ssl)

logs screenshot

4, you need to wait for several minutes to check the website.

like image 119
Sky Pan Avatar answered Oct 23 '22 12:10

Sky Pan


Heroku has a new ssl implementation: https://devcenter.heroku.com/articles/ssl

The asker appears to be using this new implementation. For this implementation, it's required to set the CNAME in your DNS Management as mycustomdomain.com.herokudns.com. You do not need to reference your certificate name, brachiosaurus-94028 in your case.

like image 30
Danny Sullivan Avatar answered Oct 23 '22 14:10

Danny Sullivan