
heroku cloudflare subdomain SSL setup


I'm trying to set up https on my backend app on heroku as a subdomain like this (for example):

https://api.mydomain.com

and I'm really confused by all the conflicting online docs I've found. Also, I'm rather green on all this SSL stuff. This app will be a backend for just data serving. My front end right now is https on OpenShift under my domain and it's working fine. Here is what I've done:

  1. I have a "hobby" dyno ($7/month) on my heroku app, which I read I need in order to enable this stuff.
  2. I have a cloudflare account which serves up my domain for the openshift front-end on https.
  3. I bought my domain from GoDaddy -- so right now it simply points to the cloudflare name servers.
  4. I set up the subdomain: api.mydomain.com on heroku (settings tab). It came back and said that my "DNS Target" is api.mydomain.com.herokudns.com. It also says "Domain: Your app can be found at http://api.mydomain.com".
  5. I clicked "Configure SSL" > "Automatically configure using Automated Certificate Management" and it comes back saying to:

    "update your DNS settings to our secure domain"

  6. Not really sure what that means, to be honest. I tried to go back to cloudflare and add a DNS Record (DNS tab). Like so:

Type: CNAME
Name: api                                <--is this right?
Value: api.mydomain.com.herokudns.com    <-- what do I put here?

But this doesn't work. How do I know? I type heroku certs:auto and it comes back 'failing'. Also tried value: mydomain.com.herokudns.com without the 'api' in front. I'm really confused and the docs aren't much help. Can anybody help me?


Solution

  • OK, in case some other poor tired programmer comes here.

    Cloudflare and Heroku don't get along. Use your SSL from cloudflare. Here's how:

    1. disable automatic certification on heroku: heroku certs:auto:disable
    2. Delete your domain on heroku and start over
    3. Add the (sub) domain again on heroku
    4. type heroku domains to see what the REAL domain is now -- without ACM enabled it will probably go back to ...herokuapp.com instead of ...herokudns.com
    5. Set that one up in cloudflare (DNS tab) under CNAME like so:

      CNAME | yoursubdomainname | yourdomainname.com.herokuapp.com

    6. set up Page Rules in cloudflare to be like so: http://yourdomainname.com/ => Always use https

    7. on Crypto tab use Full SSL.

    8. Wait an hour or so to make sure these all take effect.

    Hope that helps someone.
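
One way to sanity-check steps 4 to 6 of the answer above before waiting out step 8, as an added example that is not part of the original post: it compares the CNAME entered in Cloudflare with the target that `heroku domains` prints, and checks that a plain-HTTP response redirects to HTTPS on the same host. The record layout, function names and sample values are assumptions constructed from the page's placeholder names.

```python
from urllib.parse import urlsplit

def fqdn(name, zone):
    """Expand a DNS-tab Name ('api', '@' or a full hostname) relative to the zone.
    Assumption: relative names get the zone appended."""
    name, zone = name.strip().rstrip(".").lower(), zone.strip().rstrip(".").lower()
    if name in ("", "@"):
        return zone
    return name if name == zone or name.endswith("." + zone) else f"{name}.{zone}"

def check_cname(record, zone, app_host, heroku_target):
    """Compare one DNS record with the DNS target printed by `heroku domains`."""
    problems = []
    if record["type"].upper() != "CNAME":
        problems.append(f"type is {record['type']}, expected CNAME")
    if fqdn(record["name"], zone) != app_host.lower():
        problems.append(f"name expands to {fqdn(record['name'], zone)}, not {app_host}")
    value = record["value"].strip().rstrip(".").lower()
    if value != heroku_target.strip().rstrip(".").lower():
        problems.append(f"value {value} is not the Heroku target {heroku_target}")
    return problems

def check_redirect(status, location, app_host):
    """Check a plain-HTTP response against the 'Always use https' rule (step 6)."""
    if status not in (301, 302, 307, 308):
        return [f"http:// answered {status} instead of redirecting"]
    parts = urlsplit(location or "")
    if parts.scheme != "https" or parts.hostname != app_host.lower():
        return [f"redirect goes to {location!r}, not https://{app_host}/"]
    return []

# Constructed sample values built from the page's placeholder names.
ZONE, APP_HOST = "mydomain.com", "api.mydomain.com"
HEROKU_TARGET = "api.mydomain.com.herokuapp.com"  # stand-in for `heroku domains` output
GOOD = {"type": "CNAME", "name": "api", "value": HEROKU_TARGET}
STALE = {"type": "CNAME", "name": "api", "value": "api.mydomain.com.herokudns.com"}

if __name__ == "__main__":
    for label, rec in (("good", GOOD), ("stale", STALE)):
        print(label, check_cname(rec, ZONE, APP_HOST, HEROKU_TARGET) or "ok")
    print(check_redirect(301, "https://api.mydomain.com/", APP_HOST) or "redirect ok")
    print(check_redirect(200, None, APP_HOST))
```

Replace `HEROKU_TARGET` with the exact string `heroku domains` prints for the app; a record left over from the earlier ACM attempt shows up as a value mismatch.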