Let’s Encrypt and Heroku
Obtain and deploy a free TLS/SSL certificate for your Heroku apps
Since Heroku announced that SSL was included in all paid dynos, I have been thinking about getting an SSL certificate for the pet projects I already have on Heroku, ThePriceMonkey Spain and ThePriceMonkey UK.
I’ve been looking for a cheap multidomain SSL certificate, because I’m going to launch some more countries, each on its own subdomain. Suddenly I ended up on the Let’s Encrypt home page: the free, automated, and open Certificate Authority. So here we go!
1. Install Let’s Encrypt client on your system
git clone https://github.com/letsencrypt/letsencrypt
This command should return information indicating that you can start using the Let’s Encrypt client.
2. Obtain the certificate for your domain
Ask Let’s Encrypt for the certificate
./letsencrypt-auto certonly --manual --email firstname.lastname@example.org -d www.example.com
Verify your domain (Add the challenge to the app)
A message like this will appear after accepting the conditions
Make sure your web server displays the following content at
http://www.example.com/.well-known/acme-challenge/6arQTCxjNzFJby8V9K48sDcTVzDQVP before continuing:
Press ENTER to continue
ATTENTION: You must add the challenge response to your app before continuing; only then will the certificate be created.
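One way to add the challenge response, as an added example that is not from the original post: a minimal Python WSGI app that answers only the exact challenge URL with the content Let’s Encrypt asks for. It assumes a Python app; the config var names ACME_TOKEN and ACME_KEY_AUTH are hypothetical, set to the token from the URL and the content shown in the terminal.

```python
# Added example: minimal WSGI responder for the ACME HTTP-01 challenge.
# ACME_TOKEN / ACME_KEY_AUTH are hypothetical config var names (assumption).
import os
import re
from wsgiref.simple_server import make_server

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# ACME tokens use only the base64url alphabet; anything else is rejected.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def load_challenges(environ=os.environ):
    """Build {token: key_authorization} from config vars; empty if unset."""
    token = environ.get("ACME_TOKEN", "")
    key_auth = environ.get("ACME_KEY_AUTH", "")
    if TOKEN_RE.fullmatch(token) and key_auth:
        return {token: key_auth}
    return {}


def make_app(challenges):
    """Return a WSGI app that answers only the configured challenge tokens."""
    def app(environ, start_response):
        path = environ.get("PATH_INFO", "")
        token = path[len(CHALLENGE_PREFIX):] if path.startswith(CHALLENGE_PREFIX) else ""
        # Exact dictionary lookup: no filesystem access, so no path traversal.
        body = challenges.get(token) if TOKEN_RE.fullmatch(token) else None
        if environ.get("REQUEST_METHOD") != "GET" or body is None:
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"not found\n"]
        payload = body.encode("ascii")
        start_response("200 OK", [("Content-Type", "text/plain"),
                                  ("Content-Length", str(len(payload)))])
        return [payload]
    return app


if __name__ == "__main__":
    # Heroku passes the listening port in $PORT.
    port = int(os.environ.get("PORT", "8000"))
    make_server("", port, make_app(load_challenges())).serve_forever()
```

Remove the two config vars once the certificate has been issued, so the app stops answering the challenge path.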
Then you will get something like this on your terminal:
- Congratulations! Your certificate and chain have been saved at
cert will expire on 2017-02-16. To obtain a new or tweaked version
of this certificate in the future, simply run letsencrypt-auto
again. To non-interactively renew *all* of your certificates, run
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Note that you can generate the certificates for all your subdomains just by adding them to the letsencrypt-auto command:
./letsencrypt-auto certonly --manual --email email@example.com -d www.example.com -d us.example.com -d uk.example.com
3. Add certs to Heroku app
Send certs to Heroku using the Heroku CLI
Now that you have the certs, it’s time to send them to the Heroku app. Note that I used sudo to grant permissions to /etc/letsencrypt/live.
sudo heroku certs:add
If everything went OK, you will see a message like this:
Your certificate has been added successfully.
Update your application’s DNS settings as follows
Domain           Record Type  DNS Target
───────────────  ───────────  ─────────────────────────────
www.example.com  CNAME        www.example.com.herokudns.com
Just go to your domain name provider and update the CNAME record.
Remember that Let’s Encrypt certificates have a ninety-day lifetime, so you must renew the certificate before it expires. You will get a reminder from Let’s Encrypt if you provided the email when creating the certificate.