This add-on is operated by Nolasoft Development
SSL Certs Purchased and Installed Quick and Easy – No Endpoint Required
Last updated 29 October 2016
Adding SSL to your application is now a simple, painless process thanks to SSL FastTrack. We handle the SSL certificate provisioning, the private key generation, as well as all the other steps needed to securely acquire an SSL certificate.
Getting started with SSL FastTrack is easy, and you should have a certificate for your domain within a matter of minutes.
SSL FastTrack requires two things of your app. First, the app must have at least one custom domain. Second, the app needs to be running web dyno(s) at the Hobby tier or above.
Your app must be running either Hobby or Professional web dynos. Currently, Free web dynos are not supported by Heroku for use with a custom SSL certificate.
About SNI with SSL
Because SSL FastTrack uses SNI for SSL termination, a small number of older browsers are not compatible. A browser older than the versions listed below will get a connection error. Traffic from incompatible browsers is very small, less than 0.1% of overall platform traffic.
Firefox 2 and above
Internet Explorer 7 on Windows Vista and above
Windows Vista or OS X 10.6 with:
- Chrome 5.0.342.0
- Opera 14
- Safari 4
Mobile Safari on iOS 4.0 and above
Android 4.0 (“Ice Cream Sandwich”) and above
Windows Phone 7 and above
Provisioning SSL FastTrack
Add the add-on to your application
To see what SSL FastTrack plans are available, visit our Heroku Elements page.
To provision the add-on, simply run this command:
For a single domain-validated cert:
$ heroku addons:create sslfasttrack:single --app <app_name>
Creating <app_name>-12345... done, (free)
Adding <app_name>-12345 to <app_name>... done
Setting SSLFASTTRACK_ID and restarting <app_name>... done, v3
Use `heroku addons:docs sslfasttrack` to view documentation.
For a wildcard (*.domain.com) cert:
$ heroku addons:create sslfasttrack:wildcard --app <app_name>
Creating <app_name>-12345... done, (free)
Adding <app_name>-12345 to <app_name>... done
Setting SSLFASTTRACK_ID and restarting <app_name>... done, v3
Use `heroku addons:docs sslfasttrack` to view documentation.
Once finished, you’ll be able to complete the remainder of the process via the Heroku Dashboard or by running:
$ heroku addons:open sslfasttrack --app <app_name>
Opening https://addons-sso.heroku.com/apps/...
You must grant access for the add-on to access your application. This allows us to perform the work necessary for provisioning and installing your SSL certificate.
The Prerequisites page verifies your app is ready for a custom SSL certificate.
Select URL for SSL
You must select the primary SSL URL for your application. If the URL you wish to run SSL on is not listed, be sure to add it to your application via the Settings screen.
Heroku currently limits applications to only one certificate per application.
SSL FastTrack is not currently allowed on apex (also known as root or naked) domains. To complete the SSL install, you must be able to CNAME your DNS record to a Heroku-provided subdomain. Due to how DNS works, CNAME records cannot be used on apex domains. We recommend using a subdomain attached to your Heroku app for your SSL-secured address. If you do not currently have a subdomain on your app that you would like to use, we recommend adding one via the app dashboard and then refreshing the SSL FastTrack “Select URL” page to pick up the new subdomain.
Select an approver
For security purposes, SSL certificates require approval by an email address associated with your domain registration. The list of addresses above is made up of emails from when your domain was registered along with an approved set of common admin emails. Depending on your registration, you may not recognize or have access to any of them. If you don’t recognize any of them, we suggest you try the following:
Contact your email host or domain registrar to forward or create an email at one of the addresses above.
If you have a “private” domain registration, contact your domain registrar to temporarily remove it. This may allow your personal email to be used depending on how the domain was set up.
Just remember, the requirement to use one of these emails is part of what makes SSL SECURE and prevents someone not authorized from mimicking you online.
Not sure if you can receive email at one of the addresses? Select it and click the “Send Test Email” button and we will send a test message to the address to see if you get it.
Once an approval has been requested, we are unable to change the approval address. Be sure you have access to the email address selected before continuing.
The certificate authority sends an email to the address selected in the previous step to approve the order. You must open the email, click the attached link, and click the “I Approve” button on the site that opens to approve the cert.
Once this is done, the certificate will be generated and our system will pick it up. Click the “Check Status” button and we will verify with the CA that they have issued the cert and install it on your application.
If you haven’t received the approval email within a few minutes, be sure to check your spam or promotions folders.
It typically takes only a few minutes after approving the order for the Check Status button to show the certificate is issued. If it takes more than 10 minutes, your order has likely been flagged by the certificate authority for manual review, which can take up to 12 hours to complete. We save your progress throughout the installation process so you can return and check later. If urgent, send us an email at email@example.com and we can request that the CA expedite your review.
Once your certificate has been installed, you must update your DNS settings. We display the DNS entry currently set and what you need to update your settings to.
The CNAME record needs to be added via your domain registrar or DNS host. Log in to where you purchased your domain or contact your domain host for assistance. As each host is different, we are unable to provide specific instructions for your host.
Once updated, click the Verify DNS button to continue and we will re-check your settings to verify they are correct.
DNS changes can take time to update over the Internet. We check against the authoritative name servers for your domain to minimize this time, but in rare cases it could take an hour or more depending on your registrar and domain settings.
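To confirm the CNAME on the authoritative name servers yourself before clicking Verify DNS, the following script asks each of them directly and also flags a zone apex, where a CNAME cannot be placed. It is an added example, not part of SSL FastTrack; it assumes `dig` is installed, and the script name, function names and sample host names are illustrative.

```shell
#!/bin/sh
# Added example, not SSL FastTrack's code. Assumes `dig` is installed.
# Usage: sh verify_cname.sh <host> <CNAME target shown on the DNS page>

# Constructed sample of `dig +noall +answer` output (not real data).
SAMPLE='www.example.com. 300 IN CNAME target.example.net.'

# Lower-case a DNS name and drop the trailing root dot.
norm() { printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# rdata_for NAME TYPE: read `dig +noall +answer` lines on stdin and print
# the rdata of TYPE records owned by NAME, skipping CNAME-chased extras.
rdata_for() {
    awk -v n="$(norm "$1")" -v t="$2" '
        { o = tolower($1); sub(/\.$/, "", o) }
        o == n && $4 == t { print tolower($5) }' | sed 's/\.$//'
}

# find_zone HOST: strip labels until a name owns NS records; print it.
find_zone() {
    name=$(norm "$1")
    while :; do
        if dig +noall +answer NS "$name" | rdata_for "$name" NS | grep -q .; then
            printf '%s\n' "$name"; return 0
        fi
        case $name in *.*) name=${name#*.} ;; *) return 1 ;; esac
    done
}

# check_cname HOST TARGET: 0 only if every authoritative server agrees.
check_cname() {
    host=$(norm "$1"); want=$(norm "$2")
    zone=$(find_zone "$host") || { echo "no zone found for $host" >&2; return 2; }
    if [ "$zone" = "$host" ]; then
        echo "$host is a zone apex; a CNAME cannot be placed there" >&2; return 3
    fi
    rc=0
    for ns in $(dig +noall +answer NS "$zone" | rdata_for "$zone" NS); do
        got=$(dig +norecurse +noall +answer CNAME "$host" "@$ns" | rdata_for "$host" CNAME)
        if [ "$got" = "$want" ]; then echo "ok       $ns"
        else echo "MISMATCH $ns returned '${got:-nothing}'"; rc=1; fi
    done
    return $rc
}

# With two arguments, query DNS; otherwise parse the constructed sample.
if [ "$#" -eq 2 ]; then check_cname "$1" "$2"
else printf '%s\n' "$SAMPLE" | rdata_for www.example.com CNAME; fi
```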
Migrating Between Plans
Due to the nature of how SSL works, it’s not possible to migrate between different levels of plans.
Removing SSL FastTrack
To remove the add-on, run this command:
$ heroku addons:destroy sslfasttrack --app <app_name>
! WARNING: Destructive Action
! This command will affect the app: <app_name>
! To proceed, type "<app_name>" or re-run this command with --confirm <app_name>
This will remove your SSL certificate. You may need to install a new certificate or update your DNS settings depending on your application to continue access.
If you have questions, please contact us by opening a support ticket at help.heroku.com. Any non-support related issues or feedback are welcome at SSLFastTrack.com or by emailing firstname.lastname@example.org.