GIANT ROBOTS SMASHING INTO OTHER GIANT ROBOTS

Written by thoughtbot

SSL for Rails with Heroku and DNSimple

SSL certificates can be intimidating but Heroku and DNSimple make the process easy. The following steps should take us less than 15 minutes.

Buy the SSL certificate from DNSimple

Buy a wildcard certificate from DNSimple. The wildcard (*) lets us use the same certificate on staging, production, and any other future subdomains (api, etc.).

Prepare the SSL certificate

Follow the wildcard certificate instructions to get .pem, .crt, and .key files prepared.

Follow these instructions to complete .key preparation, provision the SSL addon from Heroku, and add the certificate to Heroku. Where they give this command:

heroku certs:add server.crt server.key

Replace it with:

heroku certs:add *.{pem,crt,key}

Otherwise, we might see an error like:

Updating SSL Endpoint myapp.herokussl.com for [heroku-app]... failed
 !    Internal server error.
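Before uploading, the prepared files can be checked locally. The following is an added example, not code from the original post or from Heroku or DNSimple: it confirms that the private key belongs to the certificate, that the certificate is inside its validity window, and which hostnames a wildcard actually covers. The function names and the throwaway self-signed certificate are assumptions constructed for the demonstration.

```ruby
require "openssl"

# Pre-flight report for the files we are about to pass to `heroku certs:add`.
# cert_pem and key_pem are PEM strings; hosts are the names we plan to serve.
def preflight(cert_pem, key_pem, hosts, now: Time.now)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey.read(key_pem)
  {
    # false means the .key file does not belong to this certificate
    key_matches: cert.check_private_key(key),
    in_validity: now.between?(cert.not_before, cert.not_after),
    # A wildcard matches exactly one leftmost label (RFC 6125), so it
    # covers www.example.com but not example.com or a.b.example.com.
    covered: hosts.map { |h| [h, OpenSSL::SSL.verify_certificate_identity(cert, h)] }.to_h
  }
end

# Constructed sample: a throwaway self-signed certificate whose only SAN is
# the wildcard name. A CA-issued wildcard certificate may list more names.
def constructed_wildcard(domain)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse("/CN=*.#{domain}")
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:*.#{domain}"))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert.to_pem, key.to_pem]
end

if __FILE__ == $PROGRAM_NAME
  cert_pem, key_pem = constructed_wildcard("ourdomain.com")
  hosts = %w[www.ourdomain.com staging.ourdomain.com ourdomain.com]
  p preflight(cert_pem, key_pem, hosts)
end
```

For real files, pass `File.read("server.crt")` and `File.read("server.key")` to `preflight` along with the hostnames the app will serve.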

Get SSL endpoint from Heroku

Run:

heroku certs

This gives us the correct endpoint for the SSL-enabled domain. It is a domain that looks like tokyo-2121.herokussl.com.

Add Heroku SSL endpoint to DNSimple

Next, go to our DNSimple dashboard and add or update the CNAME record for the SSL-enabled domain so that it points to that endpoint (e.g. tokyo-2121.herokussl.com).

Prepare Rails app

Make a one-line configuration change in our staging and production environment config files within our Rails app:

# config/environments/{staging,production}.rb
config.force_ssl = true

Deploy that change.

Now, if users type “ourdomain.com”, they should be redirected to “https://www.ourdomain.com”, and the browser’s URL bar should display the appropriate indicator (perhaps a green lock) declaring that the SSL certificate is valid.

What’s next?

Read our production checklist to see a full list of things, including SSL, that should be done before an application goes live.