All geek questions in one place

Heroku SSL is added, but the visiting domain still says the connection is not private

I use Heroku to deploy my application, and I used GoDaddy to buy my custom domain name, and I purchased an SSL certificate from me.

Call my version dedicated to my hero, my application example-101.herokuapp.com And let me call my own domain, which I own mycustomdomain.com

I tried to configure my SSL certificate on GoDaddy through heroku and followed all the steps here through step 7: http://www.joshwright.com/tips/setup-a-godaddy-ssl-certificate-on-heroku

Everything seems to be set up well. When I look in my Heroku GUI, in my settings, for example, on page 101.herokuapp.com, in the section "User Domains" it contains www.mycustomdomain.com and mycustomdomain.com , each of which has a target DNS mycustomdomain. com.herokudns.com and www.mycustomdomain.com.herokudns.com respectively.

When I start the terminal:

curl -kvI https://www.mycustomdomain.com

the conclusion says that it is "connected", it "successfully sets the location of the certificate verification", and after all the handshakes, it says: "SSL certificate is verified."

Now, here I am afraid that my problem may be.

In GoDaddy, under my DNS control for mycustomdomain.com, I followed the heroku instructions by creating a new entry as follows: Type: CNAME Name: www Value: example-101.herokuapp.com TTL: 1 hour

But this was based on documentation that does not allow for the addition of an SSL certificate.

When i started

 heroku certs

he gives me the following: Name: brachiosaurus-94028 Common names: www.mycustomdomain.com, mycustomdomain.com Reliability: true Type: SNI

Should I refer to the brachiosaurus-94028 somewhere?

When I actually try to visit www.mycustomdomain.com in my browser, the error it reads is NET :: ERR_CERT_COMMON_NAME_INVALID, and it says in detail that the theme is * .herokuapp.com Is this a problem? What does he point to herokuapp.com when should he point to herokussl.com or something like that?

If you have an idea of ​​why this does not work, please let me know.

Also, I just installed it all about an hour ago. Does it take a day or two before it works correctly and the browser recognizes the SSL certificate? Am I jumping with a gun asking for help?

+13
source share
3 answers

Heroku has a new ssl implementation: https://devcenter.heroku.com/articles/ssl

The crawler seems to be using this new implementation. This implementation requires the installation of a CNAME in your DNS administration as mycustomdomain.com.herokudns.com . You do not need to refer to your brachiosaurus-94028 certificate name in your case.

+4
source

I contacted the hero support team, my problem was fixed.

1, set CNAME correctly (I used domains by name) namecheap screenshot

2, then verify that the DNS target of heroku matches the host namecheap value.

heroku screenshot

3, restart ACM (ssl)

logs screenshot

4, you need to wait a few minutes to check the website.

+1
source

When you add an SSL addon to Heroku, it generates a new domain, and you should use it as your CNAME value, and this is not the original herokuapp.com. The heroku certs team should provide you with a domain that you should use ending with herokussl.com

In your case, you should probably set the value of your CNAME to brachiosaurus-94028.herokussl.com (you can check the endpoint in your browser to see if it works).

It doesn't take so long for it to work (when I always do it instantly)

Read more ... Heroku docs

0
source

Source: https://habr.com/ru/post/1257896/

More articles:


All Articles