I've followed Heroku's Automated Certificate Management instructions for generating an SSL certificate via LetsEncrypt (kudos to LetsEncrypt and heroku!!) for my Ruby Sinatra app but generation of the SSL certificate for my custom domain is failing.
After activating automated certificate management, the heroku domain name for my app changes from *.herokuapp.com to *.herokudns.com, as expected.
I've updated my Google Domain records accordingly, however Google Domain doesn't allow the domain root to be specified as a CNAME record. Instead the root needs to be pointed at http(s)://www.mycustomdomain.com via subdomain forwarding, i.e.
mycustomdomain.com --> http://www.mycustomedomain.com
When heroku's certificate generation process runs, it expects BOTH www.mycustomdomain.com and mycustomdomain.com to be verified. It seems that the fact that the domain root is pointed to the www address via subdomain forwarding is preventing the domain root from validating.
I'm GUESSING that this is causing generation of the custom domain SSL certificate to fail?
Before I check with heroku, I'm reaching out to the stackoverflow community incase anyone's encountered this and solved it?
user@machine1:~/projects/mycustomdomain$ heroku domains
=== mycustomdomain Heroku Domain
mycustomdomain.herokuapp.com
=== mycustomdomain Custom Domains
Domain Name DNS Target
──────────────── ──────────────────────────────
mycustomdomain.com mycustomdomain.com.herokudns.com
www.mycustomdomain.com www.mycustomdomain.com.herokudns.com
mycustomdomain.com --> http://www.mycustomdomain.com
*.mycustomdomain.com --> http://www.mycustomdomain.com
<table style="border:1px solid black; border-collpase">
<tr>
<th>NAME</th>
<th>TYPE</th>
<th>TTL</th>
<th>DATA</th>
</tr>
<tr>
<td>www</td>
<td>CNAME</td>
<td>1h</td>
<td>www.mycustomdomain.com.herokudns.com</td>
</tr>
</table>
As a belated update, I have since found the following link, which I have used successfully to configure my app hosted on Google Domains, to use Let's Encrypt SSL: https://medium.com/@connorleech/https-ssl-on-heroku-with-google-domains-as-dns-provider-c55c438556c6
(I provide the link rather than restating the information here, as it is quite a lot of information)
Heroku have confirmed that:
To use apex domains, we recommend switching to a DNS provider that support CNAME-like functionality for apex domains, such as Cloudflare, and then re-enabling ACM.
This is documented on their site here: https://devcenter.heroku.com/articles/custom-domains#configuring-dns-for-root-domains
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With