3

I configured my Heroku app with SSL Endpoint from Heroku and bought the certificate from DNSimple. When I browse to my site, sometimes it shows up with the green https:// (on chrome) and other times (like when I click the home button for some reason) the https:// turns red and gets crossed out and the certificate goes back to Heroku's default one instead of the one I purchased. If then you click the lock (to see the SSL) it'll say Identity not verified. How come sometimes it works and sometimes it doesnt??

A few things I have configured

my application.rb says

config.force_ssl = false

but in my production environment I set that to true

config.force_ssl = true

Looking on Firefox in the technical details i get a

(Error code: ssl_error_bad_cert_domain)
Justin
  • 4,922
  • 2
  • 27
  • 69
  • running into the same problem now, did you ever find a solution for this? – Randall Ma Feb 16 '14 at 23:58
  • When did you configure your SSL? I let mine sit (propagate might be the word here) and after a day or two it started working. If this doesn't work for you, you should ask a question on S.O. and comment here with the question url and I'll try a help you figure it out – Justin Feb 17 '14 at 04:09
  • Yup, definitely works now. :) I was just confused because I couldn't understand why it would only appear propagated sometimes, even though I only have 1 DNS server configured in my desktop network settings. – Randall Ma Feb 17 '14 at 23:03
  • Yea I guess the trick is to let it propagate for a day or two. Glad it's working now. Cheers – Justin Feb 18 '14 at 00:22

1 Answers1

1

Check your DNS configuration. I may be, for some reason, the domain is pointing to the Heroku standard app endpoint and not the Heroku SSL endpoint.

If this is happening randomically, make sure you don't have two DNS records associated to the same hostname. In fact, if you created two CNAME one pointing to the SSL endpoint and one to the standard endpoint, your request will be randomly routed to one of those hostnames.

Simone Carletti
  • 173,507
  • 49
  • 363
  • 364
  • Yep I had it configured correctly. It appears to be working now. Now the only challenge left standing is getting the naked domain redirection! – Justin Nov 22 '13 at 16:38
  • Naked URL redirect is [not possible for SSL](http://support.dnsimple.com/articles/url-redirect-ssl). The solution is to point both the root domain and the www to the app and handle the redirect inside the app. – Simone Carletti Nov 22 '13 at 16:40