Using certbot to establish SSL in a Rails app on Heroku
These instructions are for Mac OS X with Homebrew.
primary source:
Tomáš Vestenický on Medium - “How to set up SSL with Let’s Encrypt on Heroku for free”
Please, read this guide as a whole first, as this can’t be done step by step!
Please donate to Let’s Encrypt for their incredible service if you use it.
Important/Update
Heroku offers Automated Certificate Management (ACM) for free with paid dynos.
- install certbot:

    brew install certbot

- set up your app in Heroku
  - running on a hobby dyno at least
  - custom domains set up and running
- modify your controller (in this example pages_controller.rb; make sure your settings correspond with the following route settings):

    def letsencrypt
      # second-part-of-string-random-characters
      # will be a key that certbot / letsencrypt create for you
      # you need to replace "second-part-of-string-random-characters" later
      #
      # render plain: (Rails 4.1+) sends the echoed params[:id] as text/plain;
      # render text: used text/html and was removed in Rails 5.1
      render plain: "#{params[:id]}.second-part-of-string-random-characters"
    end

- add a route for your Rails app in routes.rb:

    # Let’s encrypt
    get '/.well-known/acme-challenge/:id' => 'pages#letsencrypt'

- run certbot:

    sudo certbot certonly --manual

The program will guide you through the setup; it needs your primary and valid contact email and your URLs (with and without “www”).
Certbot will ultimately present you a key. It will probably look like this.
120EgkFYSSYCvSQw3TNiUolJg_mOEl5RbKsO3oNbM7U.dfzRfvDOCKOH-QqfuudgpTf-mty5h13wZTRlIIp5Kax
Look for the “.” in the middle. Copy the part of the key after the dot and replace second-part-of-string-random-characters in your controller method for letsencrypt (see above).
DO NOT CONTINUE WITH CERTBOT!
- your app is now set up properly, please push your app to Heroku
- after your updated app is online, continue with certbot and finish the process; the certificate and all keys will be generated for you under:

    /etc/letsencrypt/live/<your.domain>/

- Now all that’s left to do is push the keys to Heroku for your app. Fire up a new terminal and replace <your.domain> and <your-app> in the following line according to your setup:

    $ sudo heroku _certs:add /etc/letsencrypt/live/<your.domain>/fullchain.pem /etc/letsencrypt/live/<your.domain>/privkey.pem --app <your-app>

Finished
I do not need automation for this process, refreshing the certificate every 3 months is fine for me. One more time: Please do not forget to donate to letsencrypt for their incredible service.
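
The letsencrypt action in the steps above answers every request with whatever arrives in params[:id] plus a fixed suffix, which under RFC 8555 is the thumbprint of your ACME account key. The Ruby code below is an added example, not code from the original guide: it rejects anything that is not a well-formed token, answers as text/plain, and returns 404 when no thumbprint is configured. The function names and the ACME_THUMBPRINT variable are hypothetical, and the token length bounds are an assumption.

```ruby
# Added example: a Rack-style responder for the ACME HTTP-01 challenge route.
# The function names and the ACME_THUMBPRINT variable are hypothetical.

# RFC 8555 tokens use only the base64url alphabet. The length bounds are an
# assumption for this example. \A and \z anchor the whole string; ^ and $
# would only anchor a line and let multi-line input through.
TOKEN_FORMAT = /\A[A-Za-z0-9_-]{22,128}\z/

# text/plain plus nosniff keeps a browser from rendering the body as HTML.
PLAIN = { 'Content-Type' => 'text/plain; charset=utf-8',
          'X-Content-Type-Options' => 'nosniff' }.freeze
NOT_FOUND = [404, PLAIN, ["not found\n"]].freeze

# Returns a Rack triple [status, headers, [body]].
def acme_challenge_response(token, thumbprint)
  # No thumbprint configured means no issuance is in progress: stay inert.
  return NOT_FOUND unless thumbprint.is_a?(String) && thumbprint.match?(TOKEN_FORMAT)
  # Never echo input that is not a well-formed token.
  return NOT_FOUND unless token.is_a?(String) && token.match?(TOKEN_FORMAT)

  [200, PLAIN, ["#{token}.#{thumbprint}"]]
end

# Splits the value certbot prints ("<token>.<thumbprint>") into both parts.
def split_key_authorization(value)
  token, thumbprint = value.to_s.strip.split('.', 2)
  unless [token, thumbprint].all? { |part| part.is_a?(String) && part.match?(TOKEN_FORMAT) }
    raise ArgumentError, 'expected <token>.<thumbprint>'
  end
  [token, thumbprint]
end

if __FILE__ == $PROGRAM_NAME
  # Sample value taken from the guide above.
  sample = '120EgkFYSSYCvSQw3TNiUolJg_mOEl5RbKsO3oNbM7U.' \
           'dfzRfvDOCKOH-QqfuudgpTf-mty5h13wZTRlIIp5Kax'
  token, thumbprint = split_key_authorization(sample)
  # In production the thumbprint would come from ENV['ACME_THUMBPRINT'].
  p acme_challenge_response(token, thumbprint)
  p acme_challenge_response('<b>not-a-token</b>', thumbprint)
  p acme_challenge_response(token, nil)
end
```

In the Rails action the same checks would end in render plain: with the computed status. Clearing the variable once the certificate is issued returns the route to 404.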
Tomáš Vestenický on Medium - “How to set up SSL with Let’s Encrypt on Heroku for free”
linode: Install Let’s Encrypt to Create SSL Certificates
Bonus
In case you want your staging app not to enforce SSL:
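- set up an environment variable on Heroku for your production app, e.g. FORCE_SSL = true, and edit your app’s production.rb to:

    # ENV values are always strings, so compare against the string 'true';
    # comparing against the boolean true never matches and SSL is never enforced
    config.force_ssl = true if ENV['FORCE_SSL'] == 'true'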