
Heroku SSL DNS Settings

Tags: ssl, heroku, dns

I am using Namecheap for domain registration and for DNS, and using Heroku for hosting. I have purchased an SSL certificate through Namecheap and set it up with Heroku, and have it nearly working perfectly.

Currently, I have a DNS CNAME record with host "www" pointing to "[whatever].herokussl.com.", and a "@" host record set to URL Redirect (301) to "http://www.[domain].com".

My app itself forces all HTTP traffic to redirect to HTTPS, so "http://www.[domain].com" goes to "https://www.[domain].com".

I am getting the following results:

http://www.[domain].com - properly navigates to site as HTTPS
https://www.[domain].com - properly navigates to site as HTTPS
http://[domain].com - properly navigates to site as HTTPS
https://[domain].com - **does not** navigate to site, and instead the browser cannot find the page

I believe this has to do with how the URL Redirect behaves behind the scenes. I had originally done this as CNAME record pointing directly to "[whatever].herokussl.com.", but apparently doing that on the zone apex blocks MX records...

What do I need to do to get the desired behavior? I simply want all naked or "www" domains to point to my "www" domain.

UPDATE: More information regarding my DNS settings

HOST NAME          IP ADDRESS/URL               RECORD TYPE
---------          --------------               -----------
@                  http://www.[domain].com      URL Redirect (301)
www                [whatever].herokussl.com.    CNAME (Alias)

My SSL certificate was not a wildcard, just an EssentialSSL certificate from Comodo. I'm fine if only www.[domain].com works (with a redirect from the naked domain), although when I was using a CNAME for both the apex and "www", it was working as a naked domain with SSL just fine.

asked Oct 21 '22 19:10

creativename


1 Answer

If you use DnsSimple, you can use their ALIAS record feature.

The DnsSimple ALIAS record is not a standard DNS record type, and is not the same thing as a CNAME record. Rather, DnsSimple supports it in a special way, by performing the DNS resolution for you and returning to your browser the results. This is different from all other DNS records, where the DNS server performs no processing but simply returns the record to your browser on-demand.

There may be other DNS vendors with their own similar features.

However, with only vanilla DNS, HTTP-only 3xx's from your nameserver, and Heroku, there is no way to get SSL to the zone apex (the domain name with no www.).

answered Oct 29 '22 03:10

yfeldblum
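To see at which layer each of the four entry URLs from the question stops (name resolution, TCP connect, TLS handshake, or an HTTP redirect), the following added example, which is not part of the question or the answer, follows each redirect chain by hand and checks that it ends on the HTTPS "www" origin. The function names `probe`, `walk` and `lands_on` are hypothetical, and `example.com` is a placeholder for the real domain.

```python
import http.client, socket, ssl, sys
from urllib.parse import urljoin, urlsplit

def probe(url, timeout=5):
    """One GET, redirects not followed. Returns (stage, detail)."""
    u = urlsplit(url)
    tls = u.scheme == "https"
    port = u.port or (443 if tls else 80)
    try:
        socket.getaddrinfo(u.hostname, port)
    except socket.gaierror as exc:
        return "dns", str(exc)
    if tls:  # the default context verifies the chain and the host name
        ctx = ssl.create_default_context()
        conn = http.client.HTTPSConnection(u.hostname, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(u.hostname, port, timeout=timeout)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return "http", (resp.status, resp.getheader("Location"))
    except ssl.SSLError as exc:  # handshake or certificate failure
        return "tls", str(exc)
    except OSError as exc:  # refused, timed out, unreachable
        return "connect", str(exc)
    finally:
        conn.close()

def walk(url, max_hops=5):
    """Follow redirects by hand so each hop, and where it breaks, is visible."""
    hops = []
    for _ in range(max_hops):
        stage, detail = probe(url)
        hops.append((url, stage, detail))
        if stage != "http" or not (300 <= detail[0] < 400 and detail[1]):
            break
        url = urljoin(url, detail[1])
    return hops

def lands_on(hops, canonical):
    """True when the chain ends in a non-redirect, non-error reply from canonical."""
    url, stage, detail = hops[-1]
    return stage == "http" and detail[0] < 300 and url.startswith(canonical)

if __name__ == "__main__":
    domain = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder
    for start in [f"{s}://{h}{domain}" for h in ("www.", "") for s in ("http", "https")]:
        hops = walk(start)
        ok = "OK" if lands_on(hops, f"https://www.{domain}") else "FAIL"
        print(f"{ok} {start}", *hops, sep="\n    ")
```

A `connect` or `dns` result on `https://[domain]` alone, with the other three URLs passing, matches the situation described in the answer: the apex redirect is served over plain HTTP only.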