Expedited SSL

This add-on is operated by Michael Joel Buckbee

SSL Certificate Purchase and Installation As A Service.

Last Updated: 07 May 2015

Expedited SSL is an add-on for SSL certificate purchase and installation.

While you can manually purchase and install an SSL certificate from almost any provider that will work with Heroku, the process requires aligning versions and configurations of your local OpenSSL, CSR setup, certificate chaining and domain registration.

It’s trivially easy to mess up an early step in the process and not realize anything has gone wrong until you are presented with an extremely vague error message during a later stage of the installation.

The Expedited SSL add-on combines all of the manual steps into a repeatable process that can be executed very rapidly, so that no details are missed, and that ensures your site is correctly protected.

Expedited SSL works with all Heroku stacks, application languages and development environments.

Provisioning and configuring the add-on

Add the add-on to your application

A list of all plans available can be found here.

Expedited SSL can be attached to a Heroku application via the CLI:

$ heroku addons:create expeditedssl
-----> Adding expeditedssl to sharp-mountain-4005... done, v18 (free)

Grant access

Once Expedited SSL has been added, you will need to configure it for your specific app-instance.

From your app’s Resource Page, click the ‘Expedited SSL’ link under the ‘Add-ons’ section.

You’ll be asked to allow the Expedited SSL add-on access to your Heroku instance. This is a security measure to keep configuration access to your application as restricted as possible.

The add-on needs access to:

  • Check that the Heroku SSL Endpoint is configured
  • Read what Domains are attached to your application
  • Install the actual SSL Certificate
  • Verify that DNS Settings are correct post installation

After you have granted access to the add-on, you’ll answer a few questions about what domain and what admin information you’d like associated with the SSL Certificate.

Approve SSL generation request

Successfully completing the Certificate Request form will trigger an email to be sent to one of your domain contacts (emails listed on the domain registration).

This email will contain a link to a confirmation form where you must click ‘I Approve’.

This approval process is similar to a password-reset email, where the ability to read email from a domain-associated account is considered proof that you really do control the domain.

DNS configuration checks

After the SSL Certificate is installed, we’ll check that the domain you specified is now pointing to the correct Heroku SSL Endpoint and that no leftover DNS Settings are interfering with your new configuration.
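A sketch of the kind of post-installation DNS check described above, as an added example that is not Expedited SSL's own code. It classifies resolver answers in `dig +noall +answer` layout; the hostnames, addresses and finding names are constructed placeholders and assumptions.

```shell
#!/bin/sh
# Added example (not Expedited SSL's code). Hostnames and addresses below are
# constructed placeholders; the finding names are assumptions for illustration.

# check_dns HOST EXPECTED_ENDPOINT ANSWERS
# ANSWERS is text in `dig +noall +answer` layout: name TTL class type rdata.
# Prints one finding per line and returns 0 only when HOST has a CNAME to
# EXPECTED_ENDPOINT and no other CNAME/A/AAAA record of its own.
check_dns() {
  printf '%s\n' "$3" | awk -v host="$1" -v want="$2" '
    # Compare names case-insensitively and without the trailing root dot.
    function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
    BEGIN { host = norm(host); want = norm(want) }
    # Only records owned by HOST matter; address records belonging to the
    # CNAME target appear in dig output too and are expected.
    NF >= 5 && norm($1) == host {
      rtype = toupper($4); rdata = norm($5)
      if (rtype == "CNAME" && rdata == want) { ok++ }
      else if (rtype == "CNAME") { print "STALE_CNAME " rdata; bad++ }
      else if (rtype == "A" || rtype == "AAAA") { print "LEFTOVER_" rtype " " rdata; bad++ }
    }
    END {
      if (!ok) { print "MISSING_ENDPOINT_CNAME " want; bad++ }
      if (!bad) print "OK " host " -> " want
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample answers.
GOOD_ANSWERS='www.example.com. 300 IN CNAME ssl-endpoint.example.net.
ssl-endpoint.example.net. 60 IN A 192.0.2.20'

LEFTOVER_A_ANSWERS='www.example.com. 300 IN A 192.0.2.10'

STALE_CNAME_ANSWERS='www.example.com. 300 IN CNAME old-app.example.org.
old-app.example.org. 60 IN A 192.0.2.30'

# Live use would feed real resolver output instead of a sample:
#   check_dns www.example.com ssl-endpoint.example.net "$(dig +noall +answer www.example.com)"
```

A non-zero return with a `LEFTOVER_` or `STALE_CNAME` finding means some clients may still reach the application over a path that does not present the new certificate.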

Monitoring & logging

Stats and the current state of Expedited SSL can be displayed via the CLI.

$ heroku expeditedssl:command
example output

Expedited SSL activity can be observed within the Heroku log-stream:

$ heroku logs -t | grep 'expeditedssl pattern'


If you don’t receive the emails within an hour of completing the actions, you should check your spam folder, as the repetitive nature of the emails frequently gets them incorrectly marked as ‘spam’.

If you are using Gmail, the emails are typically auto-sorted into the ‘Updates’ or ‘Promotions’ tabs.

If you are still unable to receive the email, please contact support@expeditedssl.com.

Migrating between plans

Due to the immutable nature of issued SSL Certificates, it is not possible to migrate between the single and wildcard plans.

Removing the add-on

Expedited SSL can be removed via the CLI.

This will remove the SSL Certificate from your application.

$ heroku addons:destroy expeditedssl
-----> Removing expeditedssl from sharp-mountain-4005... done, v20 (free)

Before removing Expedited SSL, you should switch your DNS Settings back to their non-SSL settings.


All Expedited SSL support and runtime issues should be submitted via one of the Heroku Support channels. Any non-support-related issues or product feedback are welcome at mike@expeditedssl.com.