Deploy a Rails App on Heroku with SSL from DNSimple

2019 Updated: This is outdated.

Now please refer to this official document: Automated Certificate Management.

This tutorial will share how to add HTTPS (certificate via DNSimple) to your Rails app hosted on Heroku.

1. Buy / Renew the SSL certification from DNSimple

Note you'll need to sign up a DNSimple account.

  • Buy a Single subdomain

    If you only need example.com / www.example.com.

  • Buy a Wildcard certificate

    If you need staging.example.com, subdomain.example.com, api.example.com or any other subdomains.

  • Renew

    If you already got certificate and wants to renew.

Go to DNSimple site to buy a single subdomain / wildcard domain certificate and follow the instructions.

This will cost you $20 (single subdomain) or $100 (wildcard) per year.

2. Get certificate files

After you bought certificate from DNSimple, download your .pem, .key and .crt (if wildcard) files.

We need these files to add to our Heroku app.

3. Enable Heroku SSL Endpoint addon

$ heroku addons:create ssl:endpoint

Put the files under your project root then run:

$ heroku certs:add *.{pem,crt,key}
Adding SSL Endpoint to example... done
example now served by example-1234.herokussl.com.
Certificate details:
...

Note the line with:

example now served by example-1234.herokussl.com.

This url: example-1234.herokussl.com is important.

If your Heroku app is on Europe region, you will get url *.herokuapp.com instead of *.herokussl.com.

You can also run:

$ heroku certs
Endpoint                    Common Name(s)             Expires          Trusted
--------------------  --------------------------  --------------------  -------
example.herokuapp.com  www.example.com, example.com  2017-07-07 23:59 UTC  True

to find out your SSL endpoint.

This will cost you $20 per month.

4. Config domains for Heroku

For single subdomain:

$ heroku domains:add www.example.com
$ heroku domains:add example.com

For wildcard subdomain:

$ heroku domains:add *.example.com

5. Add DNS records to DNSimple

Add these records to the DNS records:

For single subdomain:

ALIAS example.com  your SSL endpoint
CNAME www.example.com  your SSL endpoint

For wildcard subdomain:

ALIAS example.com  your SSL endpoint
CNAME *.example.com  your SSL endpoint

your SSL endpoint could be *.herokussl.com (US region) / *.herokuapp.com (Europe Region).

You can also use the one-click service provided by DNSimple:

  • If Heroku app is on US region, use Heroku SSL one-click service
  • If Heroku app is on Europe region, use Heroku one-click service

6. Rails app

Enable force_ssl option for your production-like environment (staging, production):

# config/environments/production.rb or config/environments/staging.rb
config.force_ssl = true
config.action_controller.default_url_options = { host: "www.example.com" }
config.action_controller.asset_host = "www.example.com"

Deploy then congratulations 🎉, your app now served through secure connection!