Mel Mel - 22 days ago 7
Ruby Question

Rails - publishing on Heroku with Heroku SSL

I am having difficulty figuring out how to publish my rails app on Heroku.

My details are:


  1. Rails 5 app on a paid dyno

  2. Heroku SSL (not SSL Endpoint - given Heroku advises using SSL Endpoint only for legacy clients).

  3. Domain name provider: 123-reg

  4. SSL from Let's Encrypt plugin (rails gem).



In this post, I use: "mycustomdomainname" for the domain name that I own and I use "herokualias" to mean the name of the app that heroku generated for an alias to my app.

My issues are:

Production Check

The heroku production check shows an error message that says:

FAILED DNS configuration
Your DNS is not configured correctly. Your domain "mycustomdomain.com"'s ALIAS or ANAME record should point to herokualias.herokuapp.com.


FIRST ISSUE: The production check warning says I need to point my DNS to a herokuapp.com name. The Heroku SSL docs say that I should point my DNS to 'herokudns.com.' I only have herokudns.com records on my DNS. I'm not sure why the production check tells me to make 'herokuapp' records (since the production check also says that the Heroku SSL check has passed).

The warning goes on to say:

When SSL is required, provision an SSL Endpoint and, for US apps, point your CNAME records to endpoint-name.herokussl.com (this change is not required for EU apps). Any other configuration will result in reduced availability.

In turn, the SSL Endpoint page goes on to say:

Check out our new free SSL offering, Heroku SSL. We only recommend using SSL endpoint for supporting legacy clients.

My conclusion from this series of documentation is that I should be trying to follow the Heroku SSL instructions (instead of the Heroku Endpoint instructions).

SSL

The Production check says: PASSED Heroku SSL

However, none of the checks that the Heroku SSL documentation tells me to try are passing.

The instructions on the Heroku SSL page say:

Change your DNS for all domains on your app
Verify your DNS settings by running dig www.yourdomainname.com cname +short. If it returns www.yourdomainname.com.herokudns.com then you have set it up correctly. If you are using an ALIAS or ANAME record, you can verify that based on the DNS provider. For instance, DNSimple will return a TXT record showing how your domain’s ALIAS is set-up.

https://devcenter.heroku.com/articles/ssl

I try this in my terminal and get the correct response.

Things I've checked:

host www.mycustomdomainname.com


returns:

Host www.mycustomdomainname.com not found: 3(NXDOMAIN)


host mycustomdomainname.com


returns:

mycustomdomainname.com mail is handled by 5 ALT2.ASPMX.L.GOOGLE.com.
mycustomdomainname.com mail is handled by 10 ASPMX3.GOOGLEMAIL.com.
mycustomdomainname.com mail is handled by 5 ALT1.ASPMX.L.GOOGLE.com.
mycustomdomainname.com mail is handled by 10 ASPMX2.GOOGLEMAIL.com.
mycustomdomainname.com mail is handled by 1 ASPMX.L.GOOGLE.com.


dig www.mycustomdomainname.com cname +short

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26058
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www..mycustomdomainname.com. IN CNAME

;; ANSWER SECTION:
www..mycustomdomainname.com. 14248 IN CNAME www.mycustomdomainname.herokudns.com.

;; Query time: 31 msec
;; SERVER: 175.45.91.201#53(175.45.91.201)
;; WHEN: Mon Oct 31 10:04:15 2016
;; MSG SIZE rcvd: 73

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47492
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;short. IN A

;; AUTHORITY SECTION:
. 69201 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016103001 1800 900 604800 86400

;; Query time: 4 msec
;; SERVER: 175.45.91.201#53(175.45.91.201)
;; WHEN: Mon Oct 31 10:04:15 2016
;; MSG SIZE rcvd: 98


heroku domains returns:

=== herokualias Heroku Domain
herokualias.herokuapp.com

=== herokualias Custom Domains
Domain Name DNS Target
───────────────── ───────────────────────────────
mycustomdomainname.com mycustomdomainname.com.herokudns.com
www.mycustomdomainname.com www.mycustomdomainname.com.herokudns.com


heroku certs info

Certificate details:
Common Name(s): www.mycustomdomainname.com
Expires At: 2017-01-16 23:44 UTC
Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Starts At: 2016-10-18 23:44 UTC
Subject: /CN=www.mycustomdomainname.com
SSL certificate is self signed.


openssl s_client -connect www.mycustomdomain.com.herokudns:443 -servername www.mycustomdomain.com


returns

gethostbyname failure
connect:errno=0


DNS configuration

My 123-reg config has 2 cname records being:

www.mycustomdomainname.herokudns.app.
mycustomdomainname.herokudns.app.


123-reg does not provide any support for heroku. I can't get any help from them to see if this requires any additional records on the DNS for this to work.

I have previously asked questions on SO here and here to try and get help to publish on heroku. I wasn't able to get any advice: Rails - Configuring DNS to host with Heroku (123-reg)

My questions on this topic have previously been voted down and someone has been kind enough to explain that this forum is not a place to ask questions about configuring deployment. I was referred to Server Fault to try to find help. I did try, but wasn't able to find help. I'm pressing on with this attempt to find help because I've seen others trying to solve similar problems on this forum (here).

Please can anyone refer me to step by step instructions for publishing on heroku with this config. I think the Heroku documentation is inherently conflicting. I can't find a way through this.

Answer

You've got stuff almost set up properly.

If your two domain names are

www.mycustomdomainname.com and mycustomdomainname.com

You want to point DNS as a CNAME/ALIAS record to www.mycustomdomainname.com.herokudns.com and mycustomdomainname.com.herokudns.com respectively.

What you've listed out points to www.mycustomdomain.herokudns.app (so you're missing the .com after your domain name and you have a .app instead of .com at the end).

As for production check, I'll work with our product team to get that fixed up.
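
The comparison the answer makes by eye, as an added shell example that is not part of the original post or of Heroku's tooling: it checks each DNS record's target against the DNS Target column that `heroku domains` prints. The sample inputs are constructed from the values quoted in the question, and the function names are hypothetical.

```shell
# Constructed sample: the Custom Domains table shown in the question.
HEROKU_DOMAINS='=== herokualias Custom Domains
Domain Name DNS Target
───────────────── ───────────────────────────────
mycustomdomainname.com mycustomdomainname.com.herokudns.com
www.mycustomdomainname.com www.mycustomdomainname.com.herokudns.com'

# Constructed sample: "host target" pairs as entered at the DNS provider
# (targets taken from the 123-reg config quoted in the question).
DNS_RECORDS='mycustomdomainname.com mycustomdomainname.herokudns.app.
www.mycustomdomainname.com www.mycustomdomainname.herokudns.app.'

# Print the DNS Target that the heroku domains table lists for host $1.
expected_target() {
    printf '%s\n' "$HEROKU_DOMAINS" |
        awk -v h="$1" 'NF == 2 && $1 == h { print $2; exit }'
}

# Compare one record with its expected target.
# Returns 0 on match, 1 on mismatch, 2 if the host is not in the table.
check_record() {
    host=${1%.}; actual=${2%.}          # ignore a trailing root dot
    want=$(expected_target "$host")
    if [ -z "$want" ]; then
        echo "$host: not a custom domain on this app"; return 2
    fi
    if [ "$actual" = "$want" ]; then
        echo "$host: ok"; return 0
    fi
    case "$actual" in
        *.herokudns.com) why="host part differs" ;;
        *)               why="target is not under herokudns.com" ;;
    esac
    echo "$host: MISMATCH ($why): has $actual, want $want"
    return 1
}

# Check every record in DNS_RECORDS; the return value is the number of bad ones.
audit() {
    bad=0
    while read -r host target; do
        [ -n "$host" ] || continue
        check_record "$host" "$target" || bad=$((bad + 1))
    done <<EOF
$DNS_RECORDS
EOF
    return "$bad"
}

audit || echo "correct the records listed above"
```

To check live records instead of the constructed sample, fill `DNS_RECORDS` from the output of `dig +short HOST cname` for each host.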