Heroku SSL on root domain


How to make it works?

Before you continue to read, here's what my problem (which maybe similar to yours).

One of client's Rails app running on Heroku, which I've handled since 2012, can't be accessed by https://domain.com.

Yet it's working when you access it through http://domain.com. With this way, you'll be redirected to https://www.domain.com. Fyi, https://www.domain.com had been the preferred URL since the web was launched many years ago.

However, when you type https://domain.com, instead of redirecting https://domain.com to https://www.domain.com, the browser will show an error:

Your connection is not private blah blah (you got the idea)

So, that's the background problem which makes me to read the updated Heroku docs about this.

I also stumbled on this Heroku doc, and it's clearly said:

If you need to support SSL on your root domain you will need to switch to a DNS host that supports CNAME-like records (often referred to as ALIAS or ANAME records). 

Ok, I admit that on the DNS Management for that app, I only set up URL redirects / forwarding from domain.com to https://www.domain.com.

The next thing I've done is opening the DNS Management service for that app, then remove that URL redirects from domain.com to https://www.domain.com

That's the first step I've done, but of course it's not fixing the problem yet.

And here are the next steps I've done to make this works, so accessing https://domain.com will be redirected to https://www.domain.com. The same goes with any of path under https://domain.com/path and get redirected to https://www.domain.com/path.

  • Make sure the DNS Management service I used provided either ALIAS or ANAME. Luckily for me, the DNS Management service we use, which is DNSMadeEasy, supported the ANAME. Great!
  • I run heroku domains -a app_name on my Mac's terminal and saw the record for www.domain.com there along with its DNSTarget www.domain.com.herokudns.com
  • If you are using Heroku SSL Endpoint, and you saw blah.herokussl.com, then you can continue to follow this SO answer
  • But if it's still not working for you, you can try the following ways I've done:
    • Be sure you had removed the URL forwarding from domain.com to https://www.domain.com.
    • Go back to terminal 
    • Run heroku domains:add domain.com -a app_name or you can do this to on Settings tab from your Heroku app inside Heroku's admin dashboard.
    • After that, you should see new domain is added on your Heroku app, and you'll see its DNS target like blahblahblah.herokudns.com
    • Add that blahblahblah.herokudns.com as the ANAME or ALIAS record's target or value, and point it to your domain.com. In my case, I used ANAME because DNSMadeEasy provided that ANAME instead of ALIAS
    • Set the TTL to be low, so in case it's not working, you won't have to wait for long before you can see your changes again. I set it for 180.
    • Wait several minutes, in my case, I waited for 10 minutes, and I saw the following URLs are working and pointed to https://www.domain.com now:
      • http://domain.com is redirected to https://www.domain.com
      • https://domain.com is redirected to https://www.domain.com
      • http://www.domain.com is redirected to https://www.domain.com
      • https://www.domain.com is working as usual.

Don't forget to make sure you had this set up on your productions.rb file.

config.ssl = true

DNS Management Service did not provide either ALIAS or ANAME

I feel sorry for you, but you had no other choice but switching to another service that provided either ALIAS or ANAME.

Here are the DNS Management Service lists I got from Heroku which are supporting ALIAS or ANAME

  1. ALIAS at DNSimple
  2. ANAME at DNS Made Easy
  3. ANAME at easyDNS
  4. ALIAS at PointDNS