bg-tutorials

How to Install an SSL Certificate on Heroku

Last updated on by Dionisie Gitlan

In this guide, you will learn how to install an SSL Certificate on Heroku. If you haven’t applied for a certificate yet, the first part will show you how to generate a CSR code for Heroku during the buying process. We’ve also included a few useful tips on where to buy an SSL certificate for a Heroku server.

Table of Contents

  1. Generating CSR on Heroku
  2. Install an SSL Certificate on Heroku
  3. Where to buy an SSL Certificate for Heroku?
the Heroku dashboard showing deployed applications, management options, and real-time logs, with navigation menus for app settings, metrics, and configurations.

Generating CSR on Heroku

CSR (Certificate Signing Request) is a text file you must submit to the Certificate Authority as part of the SSL application process. It contains the required information about domain ownership and your organization. If the CSR details are not correct or out of date, the CA will not sign your certificate.

Since you can’t generate a CSR code directly on Heroku, you have two alternative options.

You have two options:

  1. You can use our CSR Generator, it will automatically create the CSR and private key, based on your information.
  2. Follow our step-by-step tutorial on how to generate CSR on Heroku on your local environment using OpnSSL, a built-in utility in Apache and Nginx servers.

Next, open the .csr file with any text editor and copy the whole text, including the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– tags and paste it during your SSL order process with SSL Dragon.

Now, you have to wait until the CA verifies and validates your SSL request. Depending on the type of certificate, the process may take between a couple of minutes and 7 business days. Once you’ve received the certificate files in your inbox, continue with the installation steps.

Install an SSL Certificate on Heroku

In the past, you had to purchase the SSL Endpoint add-on for your app, worth $20 per month, to install an SSL certificate on Heroku. Today, HerokuSSL, a new free feature available under Heroku paid plans, allows you to manage SSL/TLS encryption for custom domains.

Step 1. Prepare all your SSL Certificate files

After your Certificate Authority validates your SSL request, you’ll receive all the necessary files in your inbox. To successfully install an SSL cert on Heroku you need the following files:

  • The main certificate file, usually with the .crt extension (PEM format)
  • The CA Bundle file, containing the root and intermediate certificates
  • The private key file, generated along with the CSR on the same server

Step 2. Combine your certificates

Please note that for Heroku you need to combine the primary certificate and the CA Bundle into a single file.

You can do it manually by opening the .crt and .ca-bundle files with any plain text editor and pasting the contents from the .ca-bundle file just below the contents in the .crt.file. Make sure there are no spaces between the codes.

Alternatively, via the command line, you can combine the files using the following command:

cat yourcertificate.crt bundle.ca-bundle > server.crt

Step 3. Install your certificate

You can install your certificate on HerokuSSL via the Dashboard or CLI. Select your preferable method.

Via Heroku Dashboard

  1. Open the Certificate
  2. Select the necessary application from the list, then select Settings
  3. Scroll down the page and in the Domains and certificates section click on Configure SSL
  4. A new window will appear on your screen. From the options presented, select Manually and click Continue
  5. Now you have to drag and drop the combined certificate and CA bundle file to the first box and click Continue
  6. In the second box, upload your Private Key file
  7. Heroku will prompt you to update the DNS records of your custom domain/subdomain

You’ll need to update your domain’s DNS settings using the following values:

  • Host/Name: your domain or subdomain (e.g. www.yourdomain.com)
  • Target/Points to: the unique Heroku DNS hostname assigned to you (e.g. quiet-fire-1234.herokudns.com)

Use a CNAME record if you’re pointing a subdomain like www.yourdomain.com.

If you’re pointing the root domain (like yourdomain.com), you’ll need to use an ALIAS or ANAME record (depending on your DNS provider), pointing to the same Heroku-assigned hostname.

Once you’ve configured the DNS, click on I’ve done this and then click on Continue. Please note that it may take a while before DNS is updated globally.

Congrats, your domain is now secured with an SSL certificate.

Via Heroku CLI

Use the following command to upload the combined certificate plus CA Bundle file and the Private key:

heroku certs:add server.crt server.key

If there isn’t a default Heroku app, you need to specify it as well using the —app flag. Here’s the command for that:

heroku certs:add server.crt server.key --app yourappname

Check if the correct certificate is installed:

heroku certs:info --app your-app-name

This will list all SSL certs and show which domain(s) they’re mapped to.

Note: If you receive an “Internal server error” message when uploading your certificate the reason may be an outdated Heroku CLI version. To fix the error, you’ll need to update the CLI version.

That’s it for the Heroku SSL installation. It’s always worth it to check your SSL certificate for potential errors right after the configuration. Use these excellent SSL tools to get instant status reports and vulnerability alerts.

Where to buy an SSL Certificate for Heroku?

When buying an SSL Certificate, you should pay attention to three crucial aspects: validation type, price, and flawless customer service. At SSL Dragon, we deliver them all! Our SSL certificates are signed by renowned Certificate Authorities, and thus are compatible with the majority of cloud platforms, including Heroku. Whether you need a cheap Domain Validation certificate or a premium Extended Validation product we’ve got you covered.

Get an SSL certificate now

SSL Dragon’s prices are the most competitive on the market, while our dedicated support team is highly appreciated by the existing customers. If you don’t know what type of SSL certificate to choose, simply use our SSL Wizard and Certificate Filter tools. They will help you find the ideal SSL product for your website.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.

Save 10% on SSL Certificates when ordering from SSL Dragon today!

Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

Order Now
A detailed image of a dragon in flight
Written by

I've been writing for SSL Dragon for over 10 years, focusing entirely on SSL certificates and digital security. My job is to take complex cybersecurity topics and strip away the jargon, making sure you get the clear, practical information you need to keep your website safe.

How to Install SSL
A cloud icon
Cloud Platforms
Tutorials