Heroku Naked SSL Custom Domain

Question

I'm trying to find a current, up to date answer for setting up naked domain with Godaddy and Heroku SSL. My goal is for all pages to land on a secure page at https://www.example.com

https://www.example.com does go to a secure page.

example.com goes to an insecure page.

https://example.com does not work.

My current set up is as follows:

In heroku settings:

Domain Name | DNS Target

example.com | example.com.herokudns.com

www.example.com | www.my-domain.herokudns.com

Go Daddy Settings:

CNAME | www | www.example.com.herokudns.com

Forwarding settings:

Forward to: https:// | www.example.com

Answer 1

Yeah, it's a pretty stupid issue that some of the big DNS manager providers out there still have. The way to solve it is to have a server with an SSL certificate installed, and then point your naked domain to that static IP. The server then will redirect to the "www" version of your domain, which is now served under SSL by Heroku. Tedious.

If you don't want to do all that, just use https://www.nakedssl.com , which does exactly that – but automated (and for free for one domain).

Disclaimer: I'm part of the team that created NakedSSL, but I hope you take this as help and not as self-promotion. As explained above, the problem is as easy as tedious to solve, and I think NakedSSL is a pretty straight forward workaround.

Answer 2

Solved it.

Best way to get SSL set up is to use this package which automatically makes every page on your app SSL. Fantastic package. https://www.npmjs.com/package/force-ssl-heroku

Getting the naked domain set up with Godaddy easily: Set forwarding to your domain: https://www.my-domain.com . This will redirect non www to the correct place. :)

Answer 3

I believe naked subdomain or wildcards are not supported by heroku automated certs because of the let's encryption restrictions . So you need to set up a subdomain everytime you want to use Heroku's automatic certs.

ALSO VERY IMPORTANT! Don't forget to remove or edit any unsercured links to external assets. Otherwise browsers will jugde the page with those links unsecured as described in the Modzilla support page about mixed content .

Answer 4

Root domains on Heroku require the use of ALIAS ANAME or FLATTENING records.

Unfortunately, a number of popular DNS hosts such as GoDaddy , Bluehost, Google Domains, OVH, Hostinger and others do not support these types of records. Many of these Providers will tell you there is no such thing as ALIAS, ANAME or FLATTENING Records and many of these providers will tell you to set an A Record instead, however;

• A Records do not work with Heroku for routing
• A Records require static IP Addresses and static IP Addresses do not work with Heroku for routing, because Heroku (and many other cloud platforms) use dynamic IP's.

Instead, you can either:

1. Not use a naked domain and just use your www sub domain
2. Redirect/ Forward your HTTP root domain to your www sub domain. This won't work for your HTTPS root domain though
3. Use an Alternate DNS Provider. Heroku recommends the following: https://help.heroku.com/NH44MODG/my-root-domain-isn-t-working-what-s-wrong