Cheaper SSL on Heroku

Getting and running with SSL has always been expensive. Heroku for the longest time charged $20 a month to have a custom domain with SSL, and then it usually cost a lot of money to just buy a yearly cert (anywhere from $9 to $100 or more).

Earlier this week, I ran across Let's Encrypt with a Rails app on Heroku. This article is great. It shows you how to take a Let's Encrypt certificate, which are free, and add it to the $20 SSL on heroku.

Heroku calls this $20 a month SSL, SSL Endpoint. They now have a free SSL option called Heroku SSL. Heroku SSL is free if you pay for a dyno, so that means SSL on a custom domain is now $7 a month instead of $20! You lose support for older versions of Android and Windows, but in general, those versions are not really used, and are worth the cost savings!

Here is a list of commands I ran to get giftionary.city running with this new discounted option:

  • brew install certbot
  • sudo certbot certonly --manual
  • Verified my domains by deploying new static pages to my heroku app. One for each cert (www.giftionary.city and giftionary.city).
  • sudo heroku certs:add /etc/letsencrypt/live/giftionary.city/fullchain.pem /etc/letsencrypt/live/giftionary.city/privkey.pem --type=sni
  • Then I went and updated my DNS! Sadly my DNS provider doesn't support ALIAS records, so giftionary.city's cert doesn't work, but www.giftionary.city's does.


Pretty easy and fast way to get a cert. It expires in three months, which is kind of rough, but for free, I'm willing to deal with that.

  • Old world per year: ($20 * 12) + $100 = $340
  • New world per year: $7 * 12 = $84

I hope this helps!


p.s. Check out my post on how to update your cert once it expires in three months.


Related Posts

I love the internet. If possible I want to be able to touch it all times. I want to be able to see a billboard, find it interesting, and plug the company's website into a hand held device and find out about them. I want to walk past a cool t-shirt, or other product and place an order right there, or at least post information about it to either an online to-do list or twitter or something. I want information at my fingertips 24/7. This doesn't mean I'll be using this information at all times, but the possibility so that when something comes up I can know the answer to what glycyrrhizin is. This is the information age after all.

I upgraded to a new version of tachyons on my blog today. This is a continuation of the work I wrote about in "Upgrading CSS on natwelch.com". I'm not sure if I'm happy with the changes. I need to sit down and do some sketching to see if there is a design I like better by starting from the ground up.

I have meant to publish this for a while. This document is my rough post-mortem template that I use for outages.