Installing SSL Certificate on Heroku

You can find instructions for installing an SSL certificate on a Heroku web server below.

Before You Start

Please make sure you have downloaded your certificate files. Still haven't downloaded your certificate? To get instructions on how to download your certificate (.zip), you can click here.

After downloading your certificate, you should have a ZIP containing the following certificate files:

  • certificate.crt
  • ca_bundle.crt
  • private.key

  1. As the first step, you will need to use the command line in order to create an SSL endpoint on Heroku. In your local environment, please execute the following command to create an SSL endpoint:

    $ heroku addons:create ssl:endpoint
  2. Next, you will need to upload your certificate.crt and ca_bundle.crt files into the SSL directory of your application. As soon as both files are uploaded, you will need to merge these files into one. To merge the files, run the following command:

    $ cat example.crt ca_bundle.crt  certificate.crt
  3. Now you can import your private.key file and your certificate.crt file using the command below:

    $ heroku certs:add certificate.crt private.key
  4. The response that follows will outline the details of your SSL certificate and installation, including the hostname selected for your SSL endpoint. Please note that in some cases it can take up to 30 minutes for your SSL endpoint to be created.

    Adding SSL Endpoint to example… done
    example now served by
    Certificate details: [certificate details]
    Expires at: [certificate details]
    Issuer: [certificate details]
    Starts at: [certificate details]

    In case you have not added the domain to your app yet, you can now run the following command:

    $ heroku domains:add
  5. As soon as your SSL endpoint has been created successfully, you will need to create a CNAME record in order to route all future requests for your domain to the new Heroku SSL endpoint's hostname. The CNAME should like like the example record below:

    • Record typeCNAME
    • Name@ or www
    • Point

    Please Note

    The CNAME record above contains example information. You will need to add your own Heroku endpoint hostname in order for the record to work correctly. If you do not want to set a CNAME record for your root domain (@ or www), you can also specify one for a sub-domain.

  6. Check Installation

    You have completed all required steps to install your SSL certificate. To check whether or not your certificate has been installed correctly, simply use the built-in ZeroSSL "Check Installation" tool or try accessing your domain using HTTPS, e.g.


Your site has now been secured using your new SSL certificate!


Please note that in order to install an SSL certificate on Heroku, you will need to purchase Heroku's SSL Endpoint Add-On.

Was this article helpful?
0 out of 0 found this helpful