heroku: set SSL certificates on Free Plan?

certificate https ssl heroku

I would like to set some SSL certificates for one app I have on heroku (a simple application based on nodeJS + Vue).

I know if I upgrade to the Hobby Plan (7$ for month) I can have it automatically.

But for now it would too much money for a test application, so I am wondering if I can achieve some similar goal also with a Free Plan.

so: Is it possible to set SSL certificate for an app on Heroku JUST with the Free Plan? Maybe in a complicated/tricky way via CLI?

From the Heroku pages and documentation it looks not possible. But I have to ask :)


Here I have a better approach to deal with this. As Heroku Doesn't provide SSL for Free Plan. But You can use Cloudflare which gives free SSL. You can Use Cloudflare As Bridge For SSL.

Requirement:

  1. Cloudflare Account
  2. Your Application should not have inbuild SSL redirection (like redirect-ssl) Otherwise, This will result in Too Many Redirect Error

Step 1: Point Your domain to CloudFlare. You basically open an account an enter your domain when prompted. You may be given instructions to change your domain name servers.

Step 2: Add Cname Record of Heroku Server in DNS of Cloudflare. Instructions are here Here You will get Some SSL Security Issue.

Step 3: Now Change Your SSL/TLS encryption mode to Flexible (Not Full). *Important enter image description here

Now Understand the Working:-

Client(Browser) Make Request to https://example.com First, the request reaches the Cloudflare with SSL. (User see encrypted connection to the server.)

Then Cloudflare makes request to Heroku Server(Origin) with Non-SSL (Non-Https and Unencrypted).

Then Heroku Server (Origin) returns the Response with Non-SSL to Cloudflare.

At the end Cloudflare forward the request to Client (Browser.)

You might think, What is the benefit of just encrypting half system. but "Something is better then nothing".

You are here because you don't want to spent money on heroku paid dynos.

This method is better for those who is using http. Atleast it protects the most vulnerable side (client side). Where most of the attack happen. There is very less chances of attack between cloudflare and your server. Because of network reach.

Having less vulnerable probability is better then 100% vulnerable system

I have tested this method and working on https://www.auedbaki.com


Late response but I'm adding here I just spent an hour trying to setup SSL with Heroku - resulting in a dead end.

The bottom line is that Heroku mentions they offer free SSL certificates but that's really not the case unless you have a Hobby ($7/mo) or Pro plan.

This link has more details and feedback from other users facing the same issue.

The answer above about LetsEncrypt is incorrect. Although you can get a free certificate, it cannot be included in a free Heroku app.

Other users have pointed to this article with a step-by-step guide but the guide is outdated and the 'Labs' option mentioned does not work with Heroku anymore.

see comments below for some alternative suggestions

In my specific case, I was able to get a free SSL on zeit.

Related

Call method from string
Programmatically get a screenshot of a page
Bring another processes Window to foreground when it has ShowInTaskbar = false
warning: Insecure world writable dir when I run a ruby or gem command
How do you check the Gem Version in Ruby at Runtime?
What is a lookup table?
Difference between "if x" and "if x is not None"
WPF XAML : How to disable multi selection in a DataGrid?
LESS file does not load (404)
Can I set a breakpoint when variable is getting a specific value in .NET?
Difference between float(2,2) and float() in mysql
Reduce border width on QR Codes generated by ZXing?