How to Install an SSL Certificate on Heroku Server?

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Install SSL Certificate on Heroku Server

SSL Certificate Installation on Heroku: A Step-By-Step Breakdown

Securing websites with SSL certificates has grown more crucial as more organizations move their operations online. Make sure your website is secure from online attacks if you’re utilizing Heroku as your web hosting platform. Although installing an SSL certificate on Heroku can appear difficult, it’s rather simple.

To secure your website and offer your customers confidence, we’ll walk you through the SSL installation steps on Heroku in this blog.

Generate CSR and Private Key

Before anything else, you must generate a CSR code. With our CSR generator tool, the process is quick & doesn’t require you to be an expert in SSL or Heroku. Or, perform these steps to Generate CSR on Heroku.

The next step is to access the .csr file after the code has been generated. A text editor can do it. Copy the full text, including the tags —-BEGIN NEW CERTIFICATE REQUEST—- and —-END NEW CERTIFICATE REQUEST—-, after it has been opened. When placing your order for an SSL certificate, you will require this.

Depending on the certificate you choose, the procedure could take a few seconds or up to five or seven business days. The Certificate Authority will provide you with all the certificate files after your verification is complete. Now you may start the installation process.

Steps to Install SSL on Heroku

To install an SSL certificate on Heroku, you’ll need the main certificate file (usually with a .crt extension), the CA Bundle file containing root and intermediate certificates, and the private key file that was generated with the CSR on the same server.

Once your Certificate Authority has validated your SSL request, you’ll receive these files in your inbox. The first step of the installation process is creating an SSL endpoint on Heroku.

If you use Heroku, you might be familiar with the SSL Endpoint add-on, as installing an SSL certificate for your app was once required. But, since their membership plans now include HerokuSSL, a new free utility, you may handle SSL encryption for your custom domains without having to pay an additional charge.

We’ll walk you through the installation processes for both HerokuSSL and SSL Endpoint so you can choose the option that best satisfies your needs.

Step 1: Certificate Combination

The primary certificate and the CA Bundle need to be combined into a single file before you can continue with the installation process. If you wish to accomplish it manually, use any plain text editor > open the .crt and .ca-bundle files > paste the contents of the .ca-bundle file underneath the contents of the .crt file.

You must make sure there are no spaces between the codes, though. 

If you don’t want the manual way, you can execute the following command on the command line to easily join the files:

cat yourcertificate.crt > server.crt

Step 2: Certificate Installation

HerokuSSL allows for easy installation of SSL certificates via either the Dashboard or CLI. The Dashboard method is quick and simple. Let’s start with that.

Dashboard Method

  • After opening the Certificate and selecting your desired application from the list
  • Navigate to the Settings section
  • Click on Configure SSL under the Domains and certificates tab
  • Choose the Manually option and drag & drop your combined certificate and CA bundle file into the first box. 
  • Click on Continue.  Upload your Private Key file into the second box and update the DNS records of your custom domain/subdomain by creating a CNAME record with the values provided.

Note: To create a CNAME record for your custom domain/subdomain on Heroku, you need to set the Host value (also called ‘Name’) as your domain/subdomain and the Target value (also called ‘Points to’) as your-domain/

Here’s an example: CNAME or CNAME

  • Once the DNS is updated globally, click I’ve done this and then Continue. Congratulations, your domain is now protected with an SSL certificate!

You have successfully installed an SSL certificate on Heroku.

Another method of installing SSL is via Heroku Dashboard.

Install SSL on Heroku using CLI (Command Line Interface)

  • To upload the combined certificate and CA Bundle file along with the Private Key, execute the following command:
heroku certs:add server.crt server.key
  • If you don’t have a default Heroku app, using the –app flag will be needed to specify it. Here’s the command for that:
heroku certs:add server.crt server.key --app yourappname
  • To verify if the correct certificate is installed, run:
heroku certs:info

Note: Sometimes, while uploading the certificate, users have complained about receiving an “Internal server error.” An outdated CLI version could be one of the major reasons for it so updating it, to its latest version will troubleshoot the error.

Step 3: Install the SSL certificate on SSL Endpoint

To install the SSL certificate on SSL Endpoint, you need to create one first. Begin by running the following common d in your local environment prompt:

$ heroku addons:create ssl:endpoint
  • Once you finish it upload the .crt file to the SSL directory of your application. Then, to complete the setup, combine the main certificate with the CA bundle certificate into one file. You can run the following command for that:
$ cat your-domain.crt bundle.crt > server.crt

This will combine the certificate files into a single file for use with your SSL endpoint.

  • The next step is to import the private key and certificate to the endpoint. Apply the following command for it.
$ cat your-domain.crt bundle.crt > server.crt

The output will show the details of your SSL certificate, including the hostname selected for your SSL endpoint and its expiration date. It may take up to 30 minutes (or sometimes up to 2 hours) for the endpoint creation to complete.

  • After setting up your SSL endpoint, the next step is to redirect requests for your protected domain to the Heroku endpoint hostname. In case you have not added the domain to your app yet, run the command below:
$ heroku domains:add

Running this command will add the domain to your app and display a confirmation message as

Adding to yourdomain… done

  • Next, create a CNAME record to redirect requests to the endpoint hostname. Ensure that you replace “your-domain” with the relevant information. Here’s how to create a CNAME record:

Record type – CNAME

Name – www

Target –

For Wildcard Certificates, create a similar record:

Record type – CNAME

Name – *

Target –

When setting a CNAME record for the root (@) domain, it will override all other records set up for the domain. Therefore, it’s essential to ensure that your certificate covers the subdomain if you want to create a CNAME for a subdomain such as,, or *

  • You can set up a certificate issued for a bare domain ( But for that, your DNS provider must offer CNAME-like functionality at the zone apex. This will allow you to create a CNAME record for the bare domain, which can be used to redirect requests to your Heroku SSL endpoint hostname.
  • Always read the specifications thoroughly while purchasing an SSL certificate. Some certificates may not support both with and without the “www” feature, which could cause issues with your SSL configuration.

That’s it! You have successfully finished the installation of SSL on Heroku. If you want to get a status report of it, you can always go for SSL Checker tool. It will make sure your SSL installation is running smoothly. 

Where to Get the Best SSL Certificate for Installing on Heroku?

At Certera, we believe that securing your website and online transactions should be simple, hassle-free, and affordable. That’s why we offer a wide range of SSL certificates for Heroku, including DV SSL, OV SSL, and EV SSL Certificates, from basic to advanced, to fit the unique needs of your business. Our SSL certificates come with advanced features, including unlimited server licenses, strong encryption, & fast issuance so that you can secure your website in just minutes.

Buy SSL Certificates
<?xml version="1.0" encoding="UTF-8"?><svg id="Layer_1" xmlns="" viewBox="0 0 109.7 29.02"><defs><style>.cls-1{fill:#fff;}</style></defs><path class="cls-1" d="m5.38,22.85c-3.1-.26-5.3-1.92-5.38-4.8h3.6c.1,1.1.67,1.85,1.78,2.09v-4.58c-2.47-.62-5.38-1.32-5.38-4.87,0-2.83,2.26-4.68,5.38-4.92v-1.94h1.54v1.94c3,.24,5.02,1.85,5.23,4.7h-3.62c-.1-.94-.67-1.66-1.61-1.94v4.54c2.5.65,5.42,1.3,5.42,4.85,0,2.45-1.92,4.73-5.42,4.97v1.94h-1.54v-1.97Zm0-10.25v-4.15c-1.1.17-1.87.84-1.87,2.06,0,1.13.77,1.7,1.87,2.09Zm1.54,3.38v4.2c1.22-.22,1.94-1.06,1.94-2.14s-.82-1.68-1.94-2.06Z"/><path class="cls-1" d="m17.62,8.33h-2.33v-3.1h5.78v17.5h-3.46v-14.4Z"/><path class="cls-1" d="m28.27,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.91-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m41.28,22.9c-1.22,0-2.09-.86-2.09-1.97s.86-1.97,2.09-1.97,2.04.86,2.04,1.97-.86,1.97-2.04,1.97Z"/><path class="cls-1" d="m49.54,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.91-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m64.56,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.9-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m81.79,0h3.29l-6.48,27.07h-3.29L81.79,0Z"/><path class="cls-1" d="m96.89,9.43h3.58l-8.23,19.59h-3.58l2.88-6.62-5.33-12.96h3.77l3.43,9.29,3.48-9.29Z"/><path class="cls-1" d="m105.62,22.73h-3.36v-13.3h3.36v2.06c.84-1.37,2.23-2.26,4.08-2.26v3.53h-.89c-1.99,0-3.19.77-3.19,3.34v6.62Z"/></svg>