Comodo certificate setting up with Heroku failing - ssl

I am trying to install a Comodo positive certificate on a Heroku app.
I bought a certificate from Comodo and followed Heroku's guide, Manually Acquiring an SSL/TLS Certificate. I believe everything went smoothly here. I can see this message in the SSL section on Heroku's app page as well.
Your certificate www.app-name.com expires on March 26, 2020
Then it asked me to update DNS targets. So I removed the old ones; now they look as follows:
Domain Name DNS Target
app-name.com ------ app-name.com.herokudns.com
www.app-name.com ------ www.app-name.com.herokudns.com
This DNS target value is set automatically by Heroku; all I can set is the domain name. The DNS target is auto-populated.
PS: now when I visit www.app-name.com.herokudns.com, I cannot see my app.
I can only see my app on this link.
app-name.herokuapp.com
When I do
heroku certs
I get following output
Name | Common Name(s) | Expires | Trusted |Type
dilopurus-77213 | www.app-name.com,app-name.com | future-date | True | SNI
I used GoDaddy for buying the domain name, so I went to GoDaddy and added my
CNAME-----WWW------app-name.herokudns.com
Now I can't even access my app on the registered domain, as I am getting an error that the site cannot be reached. I do not know what is wrong in the flow. I followed exactly what was asked for.

Related

Heroku ACM https only works on herokuapp

I have a React app running on a professional Heroku dyno. It has a custom domain with naked redirect, registered via GoDaddy.
Based on the Heroku instructions and other StackOverflow posts I've read, I thought I had everything configured properly. And indeed when I go to https://www.myapp.herokuapp.com I get the correct behavior. However, when I go to https://www.mywebsite.com, I still get:
Your connection is not private. Attackers might be trying to steal your information.
heroku domains is:
=== myapp Heroku Domain
myapp.herokuapp.com
=== myapp Custom Domains
Domain Name DNS Record Type DNS Target
www.mywebsite.com CNAME xxx-yyy-1234567.herokudns.com
That DNS address is what I've set my CNAME in GoDaddy to point to:
CNAME www xxx-yyy-1234567.herokudns.com 1 Hour
heroku certs is:
Name Common Name(s) Expires Trusted Type
────────────────── ────────────────── ──────────────────── ─────── ────
tyrannosaurs-66282 www.mywebsite.com 2020-08-15 10:32 UTC True ACM
Finally, my heroku certs:auto is:
=== Automatic Certificate Management is enabled on myapp
Certificate details:
Common Name(s): www.mywebsite.com
Expires At: 2020-08-15 10:32 UTC
Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Starts At: 2020-05-17 10:32 UTC
Subject: /CN=www.mywebsite.com
SSL certificate is verified by a root authority.
Domain Status
────────────────── ───────────
www.mywebsite.com Cert issued
From what I can tell, everything is set up correctly. What am I missing?
One thing that could potentially be an issue: I originally tried to set up SSL manually by registering my site on Let's Encrypt. But stopped and switched to ACM after Heroku kept redirecting to va-acm, preventing confirmation.
Never mind, it did work, just takes a while to propagate. Leaving this Q up as a reference point so folks know what the correct configuration is.
Also, https always works for herokuapp. Has nothing to do with your ACM/DNS configuration.

Heroku SSL added but visiting domain still says connection is not private

I use Heroku for deploying my app and I used GoDaddy to purchase my custom domain name and I purchased my SSL certificate from them.
Let's call my heroku hosted version of my application example-101.herokuapp.com
And let's call my custom domain I own mycustomdomain.com
I was trying to set up my GoDaddy purchased SSL certificate through heroku, and followed all of the steps here through step 7:
http://www.joshwright.com/tips/setup-a-godaddy-ssl-certificate-on-heroku
Everything appears to be set up well. When I look in my Heroku GUI, at my settings for example-101.herokuapp.com, under 'Custom Domains' it lists www.mycustomdomain.com and mycustomdomain.com, each with DNS target mycustomdomain.com.herokudns.com and www.mycustomdomain.com.herokudns.com respectively.
When I run in the terminal:
curl -kvI https://www.mycustomdomain.com
the output says it "Connected", it "successfully set certificate verify locations", and after all the handshakes it says "SSL certificate verify ok."
Now, here is where I'm afraid my problem may be.
In GoDaddy, under my DNS Management for mycustomdomain.com, I followed heroku instructions by creating a new record as follows:
Type: CNAME
Name: www
Value: example-101.herokuapp.com
TTL: 1 hour
But this was based on documentation that doesn't take into regard adding an SSL certificate.
When I run
heroku certs
it gives me the following:
Name: brachiosaurus-94028
Common Names: www.mycustomdomain.com, mycustomdomain.com
Trusted: True
Type: SNI
Should I be referencing brachiosaurus-94028 anywhere?
When I actually try to visit www.mycustomdomain.com in my browser, the error it reads is NET::ERR_CERT_COMMON_NAME_INVALID, and in the details, it says the Subject is *.herokuapp.com
Is that the issue? That it's pointing to herokuapp.com when it should be pointing to herokussl.com or something of that nature?
If you have any insight on why this isn't working please let me know.
Also, I just set all of this up about an hour ago. Does it take a day or two before it is working properly and the browser recognizes the SSL certificate? Am I jumping the gun on asking for help?
I contacted Heroku support and my problem was fixed.
1. Set your CNAME correctly (I used Namecheap domains).
2. After that, check that the Heroku DNS target is the same as the Namecheap host value.
3. Restart the ACM (SSL).
4. You need to wait for several minutes to check the website.
Heroku has a new ssl implementation: https://devcenter.heroku.com/articles/ssl
The asker appears to be using this new implementation. For this implementation, it's required to set the CNAME in your DNS Management as mycustomdomain.com.herokudns.com. You do not need to reference your certificate name, brachiosaurus-94028 in your case.
When you add the SSL addon to Heroku, it generates a new domain, and you should use it as your CNAME value; it's not the original herokuapp.com anymore. The heroku certs command should give you the domain you should use, which ends in herokussl.com
In your case, you probably should set the value of your CNAME as brachiosaurus-94028.herokussl.com (you can test the endpoint on your browser to see if it works).
It also should not take that much time to work (when I do this it is always instant)
For more information check Heroku docs
In my case, this error was encountered because my DNS record specified app-name.herokuapp.com as the target for the CNAME rather than the provided DNS target. Update your DNS record to point at the correct DNS target.
To get the correct DNS target, run heroku domains in cli and it will show something like:
=== app-name Custom Domains
Domain Name DNS Record Type DNS Target
api.myapp.io CNAME powerful-tick-i29i319i39121321.herokudns.com
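The check these answers describe, comparing the DNS target that `heroku domains` reports with the CNAME actually published, as an added example that is not part of the original posts. The `example.test` names, the target names and the observed CNAME answers are constructed; in practice the observed values would come from a DNS lookup such as `dig +short CNAME <name>`.

```python
# Constructed sample, laid out the way `heroku domains` prints it on this page.
HEROKU_DOMAINS_OUTPUT = """\
=== app-name Custom Domains
Domain Name       DNS Record Type  DNS Target
www.example.test  CNAME            powerful-tick-0000.herokudns.com
api.example.test  CNAME            quiet-lake-1111.herokudns.com
"""
# Constructed CNAME answers, as `dig +short CNAME <name>` would return them.
OBSERVED_CNAMES = {
    "www.example.test": "app-name.herokuapp.com.",
    "api.example.test": "quiet-lake-1111.herokudns.com.",
}
HEROKUAPP_CERT_NAMES = ["*.herokuapp.com", "herokuapp.com"]  # names reported on this page

def norm(name):
    return name.strip().rstrip(".").lower()

def parse_heroku_domains(text):
    """Return {domain: dns_target} from the Custom Domains table rows."""
    targets = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1] in ("CNAME", "ALIAS"):
            targets[norm(fields[0])] = norm(fields[-1])
    return targets

def cert_name_matches(pattern, host):
    """Match a certificate name against a host; '*' covers one leftmost label."""
    p, h = norm(pattern).split("."), norm(host).split(".")
    return len(p) == len(h) and p[1:] == h[1:] and p[0] in ("*", h[0])

def diagnose(expected, observed):
    """Classify each custom domain by where its CNAME actually points."""
    results = {}
    for domain, target in expected.items():
        actual = norm(observed.get(domain, ""))
        if not actual:
            results[domain] = "no CNAME record"
        elif actual == target:
            results[domain] = "ok"
        elif actual.endswith(".herokuapp.com") and not any(
                cert_name_matches(n, domain) for n in HEROKUAPP_CERT_NAMES):
            results[domain] = "herokuapp.com target: certificate name mismatch"
        else:
            results[domain] = "unexpected target: " + actual
    return results

if __name__ == "__main__":
    print(diagnose(parse_heroku_domains(HEROKU_DOMAINS_OUTPUT), OBSERVED_CNAMES))
```

A domain flagged with the mismatch status is the case where the browser shows a certificate whose subject is *.herokuapp.com instead of the custom domain's own certificate.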

Heroku / SSL Endpoint Not Secure

I'm trying to set up SSL on a Heroku app with a custom domain. The app for this example's sake will be live at - example.mydomain.com
When I visit https://example.mydomain.com, sometimes I get the message that the identity is verified, but some resources are not secure, and they could be manipulated. Whatever, I know how to fix that. Problem is that it isn't consistent. I refresh it four times, and it goes away. If I'm not getting that message, it's saying "Identity not verified." When it says this, it's because it has for some reason defaulted to using the Heroku SSL, and is reading the certificate for *.herokuapp.com, which is not my URL.
This inconsistency is only replicable in Google Chrome, Firefox always reads the Heroku SSL.
I've enabled the Heroku SSL Endpoint, I've added my CRT and KEY, and when I run heroku:certs I get the SSL Endpoint. I have CNAME records that point to that endpoint. Those look like this -
NAME | TTL | TYPE | DATA
example.mydomain.com | 43200 | CNAME | myendpoint-4235.herokussl.com
www.example.mydomain.com | 43200 | CNAME | myendpoint-4235.herokussl.com
DNS lookups confirm that my subdomain is routing to the SSL Endpoint, why is the wrong certificate being read?
The certificate was purchased through Mediatemple, if that's relevant.

Heroku, Keep getting SSL certificate error from Google Web Master Tool

I keep getting an SSL certificate error from Google Web Master Tool like the one below.
Dear Webmaster, The host name of your site, https://myapp.com/, does not match any of the "Subject Names" in your SSL certificate, which were:
*.herokuapp.com
herokuapp.com
This will cause many web browsers to block users from accessing your site, or to display a security warning message when your site is accessed. To correct this problem, please get a new SSL certificate by a Certificate Authority (CA) with a "Subject Name" or "Subject Alternative DNS Names" that matches your host name. Thanks, The Google Web Crawling Team
I set up SSL on my Heroku app by following the instructions in the Heroku Dev Center.
https://devcenter.heroku.com/articles/ssl-certificate
https://devcenter.heroku.com/articles/ssl-endpoint
I am also using rack_rewrite for a 301 redirect from the naked domain to the www subdomain.
It seems everything is going fine from the browser: when I access the naked domain, it redirects to https://www.myapp.com without any SSL error.
The output from Heroku is like below
heroku certs --remote production
Endpoint Common Name(s) Expires Trusted
---------------------- ---------------------------------- -------------------- -------
XXXXXXXX.herokussl.com www.myapp.com, myapp.com 2013-08-05 00:20 PHT True
heroku certs:info --remote production
Fetching information on SSL endpoint XXXXXXX.herokussl.com... done
Certificate details:
subject: /serialNumber=XXXXXXXXXX www.rapidssl.com/resources/cps (c)12/OU=Domain Control Validated - RapidSSL(R)/CN=www.myapp.com
start date: (some date)
expire date: (some date)
common name(s): www.myapp.com, myapp.com
issuer: /serialNumber=XXXXXXXXXXX www.rapidssl.com/resources/cps (c)12/OU=Domain Control Validated - RapidSSL(R)/CN=www.myapp.com
SSL certificate is verified by a root authority.
domain settings
Type NAME TTL Points to
ALIAS myapp.com 3600 xxxxxx.herokussl.com
CNAME www.myapp.com 3600 xxxxxx.herokussl.com
Why do I keep getting the error from Google?
Naked Domains are not supported. See the documentation section at Heroku Endpoint SSL

Purchased and installed ssl certs but still identified as *.herokuapp.com

I followed the instructions to the letter here -- https://devcenter.heroku.com/articles/ssl-certificate --, and they were helpful, especially since DNSimple is my registrar of choice. I got everything up and running as far as I know, purchased the certs (via DNSimple and RapidSSL), combined the crt and the CA bundle, and sent them up via the heroku client:
$ heroku ssl
www.website.com has a SSL certificate registered to /serialNumber=…
website.com has a SSL certificate registered to /serialNumber=…
But when I go to my apps (I even restarted them) they are still using the certs for *.herokuapp.com. Is there anything I've missed? Why would things be coming up as *.herokuapp.com?
From the top, here are the pieces provided to me from the related parties.
From DNSimple (on the cert details page) : Private Key
From DNSimple (on the cert details page) : Certificate
From RapidSSL's CA Download page (linked from DNSimple) : CA bundle "pem"
From email sent by RapidSSL / Geotrust : Web Server CERTIFICATE
From email sent by RapidSSL / Geotrust : INTERMEDIATE CA
I imagine that the "private key" is what I need in the second part of the heroku ssl:add dance: heroku ssl:add site.pem private.key
But it seems that I'm doing something wrong when I'm putting together the "pem" file for the first file I'm sending with heroku ssl:add. Of the pieces above - what needs to be combined in order for this to work?
I know this question is old, but I just hit the same problem and found the answer, at least in my case.
I had my DNS pointing to my-app.herokuapp.com but the SSL endpoint is different. You can find the SSL endpoint like this:
$ heroku certs
Endpoint Common Name(s) Expires Trusted
------------------------ ---------------------------- -------------------- -------
osaka-5565.herokussl.com www.example.com, example.com 2014-05-18 09:32 UTC True
Your endpoint will be different from that. Once you change your CNAME and/or ALIAS records to point to the SSL endpoint, you'll get your own certificate instead of the herokuapp wildcard.
Make sure you're not viewing the naked domain name, https://yourwebsite.com is not supported with SSL on Heroku, whereas https://www.yourwebsite.com is.
If this ends up being the issue you'll have to make sure the naked domain name redirects to a subdomain like www.