Installing SSL Certificate on Heroku

  • To install an SSL certificate on a Heroku application, you need to use the Heroku SSL add-on, or if you're using Heroku Private Spaces, you can add your SSL certificate using Heroku Private Spaces. Here are the steps to install an SSL certificate on a Heroku app using the Heroku SSL add-on


  • You should have a Heroku account.

  • You should have access to your DNS provider to make necessary DNS changes.

  • You must have a valid SSL certificate. You can obtain one from a certificate authority like Let's Encrypt, or purchase one from a certificate provider.

  • To convert your .cer into different file formats, Utilize our eMudhra utility tool to seamlessly transform your files into .cer, .pfx (.p12), .jks, or .pem formats, and conveniently import zip files using our CSR tool."


1.Provision the Heroku SSL Add-On You need to add the Heroku SSL add-on to your application. You can do this using the Heroku CLI. Open your terminal and run: $ heroku addons:create ssl:endpoint

2.Next, you will need to upload your certificate.crt and ca_bundle.crt files into the SSL directory of your application. As soon as both files are uploaded, you will need to merge these files into one. To merge the files, run the following command: $ cat example.crt ca_bundle.crt certificate.crt

3.Add your SSL Certificate Now you can import your private.key file and your certificate.crt file using the command below: $ heroku certs:add certificate.crt private.key

4.The response that follows will outline the details of your SSL certificate and installation, including the hostname selected for your SSL endpoint. Please note that in some cases it can take up to 30 minutes for your SSL endpoint to be created.

Adding SSL Endpoint to example? done example now served by Certificate details: [certificate details] Expires at: [certificate details] Issuer: [certificate details] Starts at: [certificate details]

5.As soon as your SSL endpoint has been created successfully, you will need to create a CNAME record in order to route all future requests for your domain to the new Heroku SSL endpoint's hostname. The CNAME should like like the example record below:

  • Record type: CNAME

  • Name: @ or www

  • Point To:

Please Note

  • The CNAME record above contains example information. You will need to add your own Heroku endpoint hostname for the record to work correctly. If you do not want to set a CNAME record for your root domain (@ or www), you can also specify one for a sub-domain.

6.Update your Heroku App to use SSL

Make sure your Heroku app is configured to use SSL. You can check your application's settings to ensure that SSL is enabled. If it's not, you can enable it using the Heroku CLI: heroku features:enable http:endpoint

7.Check Installation

You have completed all the required steps to install your SSL certificate. Verify that the SSL certificate is correctly installed by accessing your website or service using HTTPS. After installing your certificate, it is a good practice to test your SSL setup using various online tools to ensure everything is working correctly.

Last updated

© eMudhra. All Rights Reserved.