Multiple SSL Certificates in One Heroku Application

Question

Is it possible to have many SSL certificates in the single Heroku Application ?

We have multiple domain names of different types and TLD\'s pointing to our applicati

Answer 1

There is a way to have multiple SSL endpoints routing traffic to the same app.

An SSL endpoint works by terminating the SSL connection and injecting the unencrypted traffic back in to the normal Heroku routing layer.

You can take advantage of this by creating a new app with a new SSL endpoint to terminate the SSL connection and route the traffic to your existing app:

1. Add your domain name to your app:

   $ heroku domains:add ssl.example.com

2. Create a new app:

   $ heroku create endpoint-for-example-com

3. Add the SSL endpoint add-on ($20/mo):

   $ heroku addons:create ssl:endpoint --app endpoint-for-example-com

4. Add your certificate to your new app:

    $ heroku certs:add server.crt bundle.pem server.key --app endpoint-for-example-com --type endpoint
    Resolving trust chain... done
    Adding SSL Endpoint to endpoint-for-example-com... done
    endpoint-for-example-com now served by kagawa-1482.herokussl.example.com
   

5. Use the ssl endpoint assigned to your new app (e.g. kagawa-1482.herokussl.example.com) as the CNAME host for the domain name you wish to secure. This is normally done in your domain's DNS configuration.

The new app does not need any dynos, but there will be a charge of $20 / month for the SSL endpoint add-on.

Notes:

• This solution is not documented by Heroku, so it's possible that they would remove or change this behaviour in the future. Heroku have confirmed that this is safe for production use.
• Be sure to create your endpoints in the same region as your primary app.
• It might take a while for your DNS changes to take effect.