Purchasing an SSL Certificate from DNSimple
Last updated 26 August 2016
Table of Contents
You are not required to use DNSimple’s DNS service to purchase an SSL certificate from them, however you will need to sign up for an account and subscribe to a plan for the duration of the purchase process.
If you are only interested in securing a test or staging site and don’t want the added expense of purchasing an SSL certificate you can generate your own. For all production and consumer-facing sites it is recommended that you use a certificate purchased from an SSL certificate authority.
When you purchase an SSL certificate you need to specify the common name. The common name determines which hostnames are covered by the certificate. DNSimple provides both single name and wildcard certificates.
With a single-name certificate you can secure a single hostname, e.g.
subdomain.example.com. With DNSimple, the certificate used to secure the
www subdomain, e.g.,
www.example.com, also covers the root domain, e.g.,
With a wildcard certificate you can secure an entire single level subdomain. You use the
* symbol to indicate the subdomain, e.g.
bar.example.com but not
foo.bar.example.com. With DNSimple, the wildcard certificate used to secure the third-level subdomain
*.example.com also covers the root domain
For more information you can read the DNSimple article on choosing the SSL certificate common name.
Purchase the certificate
To purchase an SSL certificate with DNSimple, follow the instructions in the purchasing an SSL certificate article on the DNSimple website.
When purchasing a single-name certificate, enter
www in the “Host Name” field. This will generate a certificate for
www.example.com as well as
If you’re securing a subdomain other than
www, enter that in the “Host Name” field. However, be aware that the resulting certificate will not be valid for the root domain.
When purchasing a wildcard certificate, enter
* in the “Host Name” field or
*.subdomain if you want to purchase a certificate for
You can only secure the outermost single-level subdomains with a wildcard certificate.
It is recommended that you do not provide a custom CSR. Let DNSimple generate the CSR for you, as the DNSimple-generated CSR and private key are designed to be compatible with the Heroku infrastructure.
For more information you can read the DNSimple article on getting started with SSL certificates.
Validate the certificate
Once the certificate is purchased and submitted, you will receive an email from the Certificate Authority to validate your identity and domain ownership. Make sure to follow up with the email to approve the SSL certificate.
Install the certificate
Once the certificate is issued, the DNSimple certificate page will provide a link where you can download the certificate bundle and the private key to install them on Heroku. Click on the link “Install the certificate” to enter the installation wizard.
Select “Heroku” from the list of services and follow the instructions. The installation wizard will tell you exactly which files you have to download, and will package them according to the Heroku requirements.
Once you downloaded the files, follow the instructions on the DNSimple wizard to add the certificate to your application using the Heroku CLI.
In order to install the SSL certificate on Heroku you will need to provision an SSL endpoint.
More information is also available in the SSL certificates section of the DNSimple support site.