How do I configure a naked domain name to work using Heroku's SSL endpoint?

Question

I recently added SSL functionality to my Rails app running on Heroku. I successfully purchased and created a certificate for my domain and using a CNAME in GoDaddy, the WWW subdomain of my app works correctly when a user browses to www.myappname.com

The page loads without any warnings and the certificate works as is supposed to.

The CNAME looks something like this: host: www points to: myappnamefoobar-1234.herokussl.com

However when I simply go to the "naked" domain name - myappname.com, a certificate error comes up.

How do I configure the DNS settings in GoDaddy to make this work?

https://devcenter.heroku.com/articles/avoiding-naked-domains-dns-arecords

There is a whole article in Heroku's docs about naked domains but I don't see how this would apply to GoDaddy's DNS manager.

I know that Heroku has some sort of IP based SSL that costs $100/month but is there another way to accomplish this?

Answer 1

Root domains on Heroku require the use of ALIAS ANAME or FLATTENING records.

Unfortunately, a number of popular DNS hosts such as GoDaddy, Bluehost, Google Domains, OVH, Hostinger and others do not support these types of records. Many of these Providers will tell you there is no such thing as ALIAS, ANAME or FLATTENING Records and many of these providers will tell you to set an A Record instead, however;

A Records do not work with Heroku for routing A Records require static IP Addresses and static IP Addresses do not work with Heroku for routing, because Heroku (and many other cloud platforms) use dynamic IP's.

Alternate Options If your DNS Provider doesn't allow you to set ALIAS, ANAME or FLATTENING Records, there are several options available for you to get your domains working with Heroku.

1. Do not use a Root Domain This is the easiest solution. Root domains are technically not needed as long as you have a custom domain with subdomain set up. For example, you have a site with two domains; the root domain example.com, and the sub domain www.example.com. In this case, as long as you have www.example.com set up, example.com isn't needed as users can reach your site via www.example.com and to set up www.example.com you need to use CNAME Records which all DNS Providers allow you to set.

2. Redirect/ Forward your root domain to your sub domain Many users choose to redirect traffic from their root domain to a subdomain, EG: redirect/forward example.com > www.example.com.

However: The URL redirect / forwarding option only works for non-SSL requests. This means that:

Requests to http://example.com will successfully be redirected Requests to https://example.com will fail with an SSL error.

3. Use an Alternate DNS Provider The following are DNS Providers that do allow for setting ALIAS ANAME or FLATTENING records. Many of these DNS Providers will have guides on how to work with Heroku. Eg, using Flattening with Cloudflare

DNSimple DNS Made Easy/Constellix easyDNS PointDNS namecheap Gandi.net Cloudflare - Note: Cloudflare use CNAME Flattening. This is the same thing as an ALIAS or ANAME record

Answer 2

I don't think it's possible. Heroku strongly discourage IP based domains these days, the IP based SSL addon is deprecated now but the SSL endpoint doesn't work with IP so it would seem that they are moving away from supporting it.

The simple option is to have a redirect from the naked domain to the www. domain - but this would work on http:// but if a user tried to do it with https:// then it would probably show the certificate error message. It's not ideal but it works.