0

Having spent three days and read dozens and dozens of blogposts and articles and tried every possible combination of CNAME records & target URLs, I still cannot get my Heroku app working with my custom domain whose DNS is handled by Cloudflare. I continue to get a broken SSL error, or just "site can't be reached." The worst is when it works perfectly for an hour and I think I'm done, and then it goes back to being broken. That just confuses me to no end. Why would that happen?

I have generated a csr with OpenSSL, used it to generate a cert through Cloudflare, installed the cert on Heroku through their CLI, and used the herokussl.com endpoint they gave me for the CNAME records on Cloudflare.

Nonetheless, it is broken. I am kind of at wit's end for what to do. I feel like I have tried everything. Has anyone else had issues with this?

temporary_user_name
  • 123
  • 4
  • What cert did you install on Heroku? What happens if you access the app on Heroku directly, bypassing CloudFlare? [What is the site hostname?](https://meta.serverfault.com/q/963/126632) – Michael Hampton Nov 18 '18 at 14:05
  • Sorry-- the hostname is menutranslator.io. It works half the time in Chrome, half the time in Firefox, and half the time in mobile Safari. The other half of the time it either says the certificate is invalid or it says the site cannot be reached. I don't know what to make of that. And I'm not sure what you mean by "what cert"-- the one I got from Cloudflare using the CSR I generated with openssl. I followed [heroku's instructions on that matter](https://devcenter.heroku.com/articles/ssl-endpoint#acquire-ssl-certificate) to the letter. – temporary_user_name Nov 18 '18 at 14:22
  • All I see is a mixed content warning and some CSP warnings in the console. I suggest you clear your browser caches and work on those. – Michael Hampton Nov 18 '18 at 14:24
  • The mixed content warnings are from some temporary images, that's no bother. This is the real problem-- sometimes the result is as you've described, and sometimes it's "the site cannot be reached" or "invalid ssl certificate." The inconsistency is what's really driving me up the wall. This is like taking your car to the mechanic only to have it promptly stop making the noise it was making. – temporary_user_name Nov 18 '18 at 14:34
  • You still have CSP problems to fix, too. – Michael Hampton Nov 18 '18 at 14:46
  • Sorry, [this](https://imgur.com/a/zyRPdoD) is all I see in the console on page load...only mixed content warnings, no CSP warnings. Could you help me to fix it by telling me where you're seeing that? – temporary_user_name Nov 18 '18 at 14:55
  • I just looked at the console in Firefox and [they show up](https://i.stack.imgur.com/YcXwu.png). – Michael Hampton Nov 18 '18 at 15:36

0 Answers0