So I recently moved my app from another host to Heroku, and I've never
quite gotten SSL/custom domain issues working satisfactorily. I was
wondering if anybody could help me out. Here are the facts of the
case:
1. I have an SSL cert for my root domain (kitschnware.com), which will
give errors for other domains like www.kitschnware.com (or anything
ending with heroku.com).
2. When I moved my domain to Heroku, I had to switch the domain name
to another registrar. I have the root domain set up there, and that
works fine. I tried adding a 'www' subdomain that just does an HTTP
redirect to my root domain, but for some reason it just gives me their
default domain parking page. I think this is a problem on their end,
though. For now I've removed the subdomain from my registrar
completely. (Another note: my registrar 1&1 only allows me to set up
one A DNS record. The Heroku docs say to set three, but I can't. Not
sure if this is an issue or not.)
3. I'm using standard custom domains (not wildcard) on Heroku, and SNI
for SSL. In my custom domain setup I have both the root and 'www'
versions of my domain name listed. (It didn't seem to work otherwise
if users hit the 'www' subdomain.)
3. Per the Heroku custom domains documentation, I put some code in my
app to redirect any subdomain to the root domain, so users will always
hit an address that the SSL cert will work for. This seems to work
fine on Chrome and Firefox, but in Safari it gives an error ('The page
you were looking for doesn't exist.'--I think the error page is served
from 1&1). If you refresh the page, it redirects correctly. But this
will confuse users for sure. (Note: I'm not using the Zerigo DNS
plugin, because when I first tried it I couldn't get the root domain
redirect working correctly at all. This may work now that I've got the
custom code in my app, it might work, but I haven't tried switching it
again.)
4. Logging in (the only thing I use SSL for) is fine on Safari and
Firefox, but on Chrome it sometimes gives a scary warning page that
the server is actually heroku.com, not kitschnware.com. I just tried
logging out/in again (while in the same Chrome browser session) and
didn't get the error. So this isn't 100% repro, maybe it just happens
on each new browser session? I don't know if this is some artifact on
using SNI, but it only seems to happen in Chrome. This will also
confuse/scare users. :(
Surely somebody else has a similar setup running on Heroku--can
somebody tell me how you set things up?
Thanks in advance for any help!
--
You received this message because you are subscribed to the Google Groups
"Heroku" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/heroku?hl=en.
