Skip to content

Instantly share code, notes, and snippets.

@AlbaHoo

AlbaHoo/SSL-Heroku.md

Created October 10, 2016 02:52
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save AlbaHoo/14701897caad9325d3ba72a95d08660e to your computer and use it in GitHub Desktop.
Save AlbaHoo/14701897caad9325d3ba72a95d08660e to your computer and use it in GitHub Desktop.
Download ZIP
Update your SSL Certificate on Heroku with GoDaddy
Raw
SSL-Heroku.md

#Update SSL certificate on Heroku

##Generate private key To generate your private key you need to have Homebrew and OpenSSL installed on your mac.

First install Homebrew.

ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Then, install OpenSSL.

brew install openssl

Now you can use OpenSSL to generate a new private key.

Heroku need a private key without password. So we'll generate a server.pass.key with password then server.key without.

openssl genrsa -des3 -out server.pass.key 2048

Remember the pass phrase you entered because you will need it for the second key.

openssl rsa -in server.pass.key -out server.key

##CSR (certificate signing request) to CRT (Certificate file) Use your private key to generate CSR.

openssl req -nodes -new -key server.key -out server.csr

Submit your CSR to GoDaddy then download your new certificate (2 certificates, the first one is your certificate and the second one is GoDaddy's certificate).

##Combine the two certificates downloaded from GoDaddy

cat 7yu67gfu30of.crt gd-bundle-g2-g1.crt > 7yu67gfu30of_bundle.crt

Change the permissions of this file.

chmod 755 7yu67gfu30of_bundle.crt

##Update the certificate on Heroku First, you need to have Heroku Toolbelt installed. Then, you need to log in.

heroku login

Verify that you allready have an SSL certificate.

heroku certs --app yourAppName

Now you're ready to upload your new SSL certificate to Heroku.

heroku certs:update 7yu67gfu30of_bundle.crt server.key --app yourAppName

You should get this in your terminal:

Resolving trust chain... done
 !    WARNING: Potentially Destructive Action
 !    This command will change the certificate of endpoint whatever.herokussl.com on yourAppName.
 !    To proceed, type "yourAppName" or re-run this command with --confirm yourAppName

Confirm that you really want to update your SSL certificate by typing you app name. Then you should get :

Updating SSL Endpoint whatever.herokussl.com for yourAppName... done
Updated certificate details:
Common Name(s): yourAppName.com
                www.your-app-name.com
Expires At:     2016-06-24 19:56 UTC
Issuer:         /OU=Domain Control Validated/CN=www.www.your-app-name.com
Starts At:      2015-06-25 20:08 UTC
Subject:        /OU=Domain Control Validated/CN=www.www.your-app-name.com
SSL certificate is verified by a root authority.

tested in June 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment