How to set up SSL for naked domain from Google Domains to Heroku?

19

votes

I'm trying to use Heroku's Automatic Certificate Management to set up SSL for my site. My app is on heroku at myapp.herokuapp.com, and I currently have Subdomain Forwarding set up so that http://www.myapp.com properly shows my app.

What I want is to have my site hosted at https://myapp.com.

I ran heroku certs:auto:enable, but it shows:

=== Automatic Certificate Management is enabled on myapp

Domain             Status
─────────────────  ───────────
www.myapp.com      Failing

Running heroku domains shows:

=== myapp Heroku Domain
myapp.herokuapp.com

=== myapp Custom Domains
Domain Name        DNS Target
─────────────────  ───────────────────────────────
www.myapp.com      www.myapp.com.herokudns.com

Right now, in Google Domains, I have a Subdomain Forward from @.myapp.com to http://www.myapp.com. I also have a Custom Resource Record with the name www, type CNAME, and data myapp.herokuapp.com..

What do I need to change in my setup so that I can host my site at https://myapp.com?

sslherokuhttpsdnsgoogle-domains

If you find a solution to this problem please post it here. I have been looking for this answer for months.. and from what I can tell it seems to be impossible at the moment. At least with Google domains. - trentjones21

@trentjones21 will do. No luck yet - michaelsnowden

would love to know - alilland

Did you get your site set up at https://myapp.com? - Connor Leech

Are you saying that you want the browser location to end up at https://myapp.com, or would it be sufficient to have https://myapp.com redirect to https://www.myapp.com (like what you have going with the non-ssl side)? I just managed to make that option work. It may be that Google Domains has just started to support this. I'll write more detail as an answer if this is a valid solution. - cesoid

3 Answers

7

votes

Unfortunately, Google Domains does not support the ANAME or ALIAS record. You must use one of these for your apex domain. Here's the full list supported by Google Domains.

https://support.google.com/domains/answer/3290350

Heroku has a list of DNS providers that support the ALIAS or ANAME records here: https://devcenter.heroku.com/articles/custom-domains#add-a-custom-root-domain Personally, I use DNSimple and have had great success with them.

3

votes

The CNAME target needs to be www.myapp.com.herokudns.com. In your question above you only have the apex record in your DNS in myapp.com.herokudns.com. If this is not the case can you share the domain so I can dig the record for more information?

1

votes

I've had the same problem with Heroku and other PaaS providers over and over: depending who provides and manages the DNS for your domain you may or may not able to use a CNAME or ALIAS record on the naked domain. That's why we've created a simple service to solve this by applying a simple SSL redirection from the naked domain to the "www" under SSL, without changing your DNS management provider: NakedSSL will give you an IP and will create and host an SSL certificate for your naked domain (https://yourdomain.com), redirecting it to the HTTPS URL that you want (most likely "https://www.yourdomain.com").

Disclaimer: I'm obviously part of the team that created NakedSSL. I hope you don't take this as self-promotion (anyway we offer it for free for 1 domain, which totally fits the needs of 95% of developers/hobbyist out there), but as a way to deal with this annoying situation in an easy way.