I am trying to add an SSL certificate which I just bought to my custom domain heroku app. Right now I have www.tradespring.net CNAME'd to tradespring.herokuapp.com.
I am going through this article: https://devcenter.heroku.com/articles/ssl
and I have reached the point of add your SSL add-on.
But it adds it to the wrong app. It adds it to one of my previous apps on a previous account which is now deleted. How do I tell it to add it to my app. When I run heroku apps it only lists one, which is the correct one.
alex#alex-ThinkPad-T410:~$ heroku addons:add ssl:endpoint
Adding ssl:endpoint to sharp-leaf-1669... failed
! App not found
You need add the app name after the command,
like this:
$ heroku addons:add ssl:endpoint --app tradespring
Related
To start with I really don't want to pay for hobby dyno on heroku. I am well aware of their ACM process. I am trying to be a little careful with spends as I am testing something.
My current setup is as follows:
Namecheap (domain xyz.com) -> xyz.herokuapp.com (with DNS Name configured correctly)
This is configured correctly and works great for HTTP. I have a task at hand to obtain certifactes from LetsEncrypt (because they are free), and integrated it to app deployed on heroku.
The app is a simple react-app, built using create-react-app. I have followed the steps to obtain a certificate from LetsEncrypt, and the certbot is asking me to place the certificate in this path public/.well-known/acme-challenge/<cert-string>. The content of the file in that path contains the .
The problem I am having is, the route localhost:3000/.well-known/acme-challenge/<cert-string> works well in my dev environment. When I deployed the react app to heroku, the route /.well-known/acme-challenge/<cert-string> is heading to a 304 and I am unable to facilitate the certbot to complete the validation step.
After a few hours of debugging I understood the architecture inside heroku better, and I have understood that this is a heroku buildpack related problem. My current understanding of the issue is as follows:
heroku blocks access to /.well-known/acme-challenge/<cert-string>
and I have to find a way to unblock this ^ .. so that certbot can validate my cert process.
I did some research and understood that there is a way to by-pass the nginx.conf. Is this really possible?
Looking for some guidance here.
Edit1
I have tried some approaches here https://github.com/heroku/heroku-buildpack-php/issues/218 - they did not work well.
This is my first time getting an SSL certificate for my website. I followed this tutorial https://devcenter.heroku.com/articles/automated-certificate-management
heroku certs:auto displays that Status is "Cert issued". I get no errors. I use git push and the website is still not certified. What could I be doing wrong?
Old question, but if anyone else runs into this problem, which I was just battling myself, here was my problem:
When following the Heroku dev center guide on how to point a custom domain to your herokuapp, the guide says, among other things:
"Create a CNAME record to map from www.example.com to example.herokuapp.com or your SSL endpoint if using SSL."
Neither one of these alternatives are, however, the way to go now (SSL endpoint is considered legacy at Heroku). Instead, once you have added your custom domain correctly, simply:
In Heroku CLI, run "heroku certs:auto:enable" to enable ACM.
Point your domain's DNS records at the Heroku DNS target for your custom domain, which you can find by running "heroku domains"
Wait a little.
This should do it.
I'm trying to set up https on my backend app on heroku as a subdomain like this (for example):
https://api.mydomain.com
and I'm really confused by all the conflicting online docs I've found. Also, I'm rather green on all this SSL stuff. This app will be a backend for just data serving. My front end right now is https on OpenShift under my domain and it's working fine. Here is what I've done:
I have a "hobby" dyno ($7/month) on my heroku app, which I read that I need to
enable this stuff.
I have a cloudflare account which serves up my domain for the openshift front-end on https.
I bought my domain from GoDaddy -- so right now it simply points to the cloudflare name servers.
I setup the subdomain: api.mydomain.com on heroku (settings tab). It came back and said that my "DNS Target" is api.mydomain.com.herokudns.com. It also says "Domain: Your app can be found at http://api.mydomain.com".
I clicked "Configure SSL" > "Automatically configure using Automated Certificate Management" and it comes back saying to:
"update your DNS settings to our secure domain"
Not really sure what that means, to be honest. I tried to go back to cloudflare and add a DNS Record (DNS tab). Like so:
Type: CNAME
Name: api <--is this right?
Value: api.mydomain.com.herokudns.com <-- what do I put here?
But this doesn't work. How do I know? I type
heroku certs:auto and it comes back 'failing'. Also tried value: mydomain.com.herokudns.com without the 'api' in front. I'm really confused and the docs aren't much help. Can anybody help me?
I have found a simpler solution. The fix was mentionned in Cloudflare's tutorial.
The trick is to take your standard heroku app address (ex: myapp.herokuapp.com) INSTEAD of the xxx.herokudns.com displayed in heroku's SSL interface
Then, to make your custom subdomain (ex: api.foodomain.com) point to it, simply add a CNAME record in Cloudflare's DNS
CNAME api myapp.herokuapp.com
And it should work (it did for my case).
OK, in case some other poor tired programmer comes here.
Cloudflare and Heroku don't get along. Use your SSL from cloudflare. Here's how:
disable automatic certification on heroku: heroku
certs:auto:disable
Delete your domain on heroku and start over
Add the (sub) domain again on heroku
type heroku domains to see what the REAL domain is now -- without ACM enabled it will probably go back to ...herokuapp.com instead of ...herokudns.com
Set that one up in cloudflare (DNS tab) under CNAME like so:
CNAME | yoursubdomainname | yourdomainname.com.herokuapp.com
set up Page Rules in cloudflare to be like so:
http://yourdomainname.com/ => Always use https
on Crypto tab use Full SSL.
Wait an hour or so to make sure these all take effect.
Hope that helps someone.
Yesterday, I added a RapidSSL certificate, but going to supplybetter.com still gives an SSL mismatch warning, and the heroku certificate rather than mine is being presented. I'd like to get this working and get rid of the warning as soon as possible.
To get the certificate, I followed the instructions in this tutorial, with the exception that there was no analogue to "../ssldir/myapp_mydomain_com_chain.key" in step 16, so I used the _chain-less .key file, the only one I had. My PEM is composed of my CRT followed by the intermediate CRT, with spacing / newlines correct after checking.
My DNS is through Badger.com, which interacts with Heroku; current records shown below. This post recommends adding a cname that I don't have, but there's no way for Badger to do that without uninstalling the Heroku plugin; it only allows one input, a "_______.herokuapp.com" address, and does the rest.
Results of heroku certs and ssl
matt$ heroku certs
Endpoint Common Name(s) Expires Trusted
------------------------ -------------------------------------- -------------------- -------
osaka-8681.herokussl.com www.supplybetter.com, supplybetter.com 2014-03-09 23:27 UTC True
matt$ heroku ssl
supplybetter.com has no certificate
www.supplybetter.com has no certificate
This question has been submitted to Badger and Heroku support; if there's not an accepted answer, I don't yet have a solution. Thank you for your help!
--
Heroku support:
"Hey,
So the tutorial you are following was for our legacy feature ssl:hostname which has been removed in place of ssl:endpoint. Running heroku certs, I see that your cert has been added properly. However, there is one final step, you need to point your CNAME to your ssl:endpoint osaka-8681.herokussl.com
Once you do that, just wait for the DNS to propagate and you should be good to go."
Issue now is that badger doesn't have a way I see of adding non-subdomain cnames, and their heroku app only takes things in ____.herokuapp.com format.
DNS does not support CNAME records for the domain apex ("non-subdomain"). Heroku docs recommend not using the apex domain. You DNS provider may provide a redirect-function from domain.com to www.domain.com that you can take advantage of.
DNSimple has a feature that let's you use the apex on Heroku, but you'd have to switch away from badger: http://support.dnsimple.com/questions/32831-How-do-I-point-my-domain-apex-to-Heroku
Badger support manually implemented the 3 A records that I needed, plus the correct CNAME to point to osaka.herokussl.com. My major mistake was that when faced with Badger's format to enter CNAMEs, _.domain.com, I didn't realize www would work. It's now propigated and working well.
Learned:
As of 3/8/13, Badger's Heroku plugin can't support custom domains, but they're possible to add manually
Badger support is very responsive
I've been using Heroku normally in the past few months. In the beginning, I created a ssh key, I added it to my Heroku account and I could deploy my apps without any problem. Until today. I'm working on a new project and I needed to create a new Heroku account under a different e-mail address. After a while I realized I couldn't deploy this app using a new e-mail address because my SSH key was associated to a different e-mail. Then I created a new SSH key and added it to my new Heroku account. It didn't work! :)
Well, I removed the key from my computer and from my new Heroku account. Then I decided to go back to my original Heroku account. Everything works, well, more or less. I can still deploy my old apps, I can see I only have one SSH key there, I can run the commands: heroku info, heroku apps, etc.
So then I tried to deploy my new app, but before I created a new Heroku app using: heroku create. The new app was created successfully. But when I try: git push heroku I get this error:
! Your key with fingerprint
b2:69:3b:90:1e:e1:60:ad:a0:b9:f7:::*:* is not authorized to
access furious-leaf-9996.
If I try: heroku info, I get this error:
! You do not have access to
furious-leaf-9996.
The funny thing is, if I switch to the other app's directory and try to do the same thing (ex.: heroku info, git push heroku), everything works perfectly.
Note 1: When I try heroku logout then heroku login, I'm always able to connect, in both app's directory
Note 2: I'm using RVM and both apps use different gemsets.
I don't know what else to do!! Anyone??
Thanks!
After getting almost crazy I found out what was happening.
When I first tried to login on my second Heroku account, my .git config file was updated with this info:
[remote "heroku"]
url = git#heroku.com:furious-leaf-9996.git
fetch = +refs/heads/*:refs/remotes/heroku/*
And this was the problem. Even logging out and logging in again in different Heroku accounts, every time I tried to push my files there, I couldn't because I didn't have access to this repository. And it got worse because I deleted this repository. :)
Now everything is working properly.
So next time you have access problems on Heroku, take a look at your git config file!
Thanks!