Heroku with an SSL/TLS Certificate Purchased from SSLRenewals – BYO Instructions

Buy yourself a “RapidSSL Certificate” at SSL Renewals. After you place your order, they may not send you an email, so log in, go to “Orders”, and look for the “Generate” button.

You must have access to the admin@ address at your domain to proceed. They will send an email to verify your domain.

Generate a private key and CSR on your computer. (See the instructions for macOS or Windows.)

Submit the .crt file, or certificate signing request, to SSL Renewals. For Web Server, select “Apache + MOD SSL”. Copy and paste the crt file into the text box.

Use DNS authentication. It is easiest. You will need to set a TXT record on your domain name.

For “Please select the Secure Hashing Algorithm (SHA) you would like to use.” choose “SHA2-FULL-CHAIN”

Follow the instructions to create a TXT file. For the apex (root) domain, it should have no subdomain (leave blank). For a subdomain, it will instruct you to create a “domain” for a special content string.

The string is provided in what SSLRenewals calls “Alias Name”. Copy and paste this into the “content” setting of your new TXT record (do this in your DNS manager).

At the end of the process, go to the SSL Renewals tab, find your order, and find the “Download Certificates” button. You will receive a folder called Certs-12345678.

In it there will be several files:


You want to open in a text editor these three files: CACertificate-INTERMEDIATE.cer, CACertificate-ROOT.cer, ServerCertificate.cer

Create a new file that contains the concatenated version of these three files, in this order:


Name your new file “-CHAINED” to distinguish it from the others.

Log into the Heroku web interface. Make sure you have deployed at least once.

On the command line, remove the automatically added Heroku SSL using

heroku certs:remove -a your-app-name

Verify with
heroku certs -a your-app-name

Back in the Heroku web interface, go to Settings > Configure SSL.

On the first screen, the “public certificate” is the new concatenated file you created. On the second screen the “private key” is the key you generated when you created the key & CSR.

(Reminder: never share your private key except with your web server provider.)
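
A pre-upload check for the files produced by the steps above, as an added example that is not part of the original post. It assumes the downloaded files and your key are PEM-encoded and that openssl is installed; the function names and the argument order are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes PEM-encoded files and
# an installed openssl; function names and argument order are illustrative.

# Print how many certificates a PEM bundle contains.
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Succeed if the file contains any private key block (plain, RSA, EC, encrypted).
has_private_key() {
  grep -Eq -- '-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$1"
}

# Succeed if the private key ($1) and the certificate ($2) carry the same
# public key. Returns 2 if either file cannot be parsed.
key_matches_cert() {
  kmc_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  kmc_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$kmc_key" ] && [ "$kmc_key" = "$kmc_crt" ]
}

# preflight <chained-file> <ServerCertificate.cer> <private-key>
preflight() {
  n=$(count_certs "$1")
  if [ "$n" != 3 ]; then
    echo "expected 3 certificates in $1, found ${n:-none}" >&2; return 1
  fi
  if has_private_key "$1"; then
    echo "private key material found in $1; do not upload it as the public certificate" >&2; return 1
  fi
  if ! key_matches_cert "$3" "$2"; then
    echo "$3 does not match $2" >&2; return 1
  fi
  echo "ok: 3 certificates, no key material in the bundle, key matches the server certificate"
}

# Run the checks only when the three paths are given on the command line.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Run it with the chained file, ServerCertificate.cer and your private key as arguments before opening Settings > Configure SSL; a non-zero exit status means one of the three checks failed.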


Amazon RDS on Heroku Still Works

Although Heroku has put a lot of attention into their own Postgres-based database architecture, Heroku Data, this article still works for rebels who want to use Amazon RDS on Heroku:

Note that I can’t seem to get “sslca” to work as a config option in my database.yml file (in Rails); I get an error after deploying, upon connection:

SSL_CTX_set_default_verify_paths failed

This happens when configuring by database.yml, which I shouldn’t be doing anyway.

Nonetheless, the configuration by DATABASE_URL (which is preferred for security anyway), does actually work.

Although it continues to work in 2018, this may not be a good long-term strategy, as my last conversations with Heroku support led me to conclude that their failover policies for catastrophic failures aren’t set up for an RDS-backed solution unless you go into Heroku Private Spaces, which you need to be an enterprise client for.


How to Install an Older Version of Rails

My post from four years ago with this same title is Google’s #2 result for a search for “How to Install an Older Version of Rails,” so I thought I’d make a repost with some updates.

You can install an older version of rails using this syntax:

rails _5.1.6_ new my-test-app

(Where “5.1.6” is the version you want and “my-test-app” is the name of your new rails app.)

Yes, you actually type those underscores around the version number.

If you get …

can’t find gem railties (>= 0.a) (Gem::GemNotFoundException)

You probably don’t have the right version of Rails itself installed as a gem; try this:

gem install rails -v 5.1.6

Then try again with…

rails _5.1.6_ new my-test-app