Update SSL certificate on Heroku from DNSimple
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
bin
exe
lib
spec
.env.example
.gitignore
.rspec
.rubocop.yml
.ruby-version
.travis.yml
Gemfile
Gemfile.lock
LICENSE
README.md
Rakefile
heroku_dnsimple_cert.gemspec

README.md

Upload Certificate from DNSimple to Heroku

This gem provides heroku-dnsimple-cert executable script to upload SSL certificate from DNSimple to Heroku application.

Heroku do the same thing NOW

Automated Certificate Management is enabled by default for all applications created after March 21, 2017 that are running on Hobby or Professional dynos.

What it does

  • Fetch certificate from DNSimple via API
  • Add or update certificate on Heroku via API

How to prepare

Issue certificate on DNSimple for the first time and enable auto-renew: https://support.dnsimple.com/articles/ordering-lets-encrypt-certificate/

Change your DNS for domain on your app www.yourdomainname.com.herokudns.com: https://devcenter.heroku.com/articles/ssl#change-your-dns-for-all-domains-on-your-app

Generate Heroku auth token:

heroku plugins:install heroku-cli-oauth
heroku authorizations:create -d "letsencrypt-heroku"

Generate DNSimple auth token: https://support.dnsimple.com/articles/api-access-token/

Installation

When certificate will be issued on DNSimple you need to run script to setup it to the Heroku application:

heroku-dnsimple-cert update \
  --dnsimple-account-id=DNSIMPLE_ACCOUNT_ID \
  --dnsimple-common-name=DNSIMPLE_COMMON_NAME \
  --dnsimple-domain=DNSIMPLE_DOMAIN \
  --dnsimple-token=DNSIMPLE_TOKEN \
  --heroku-app=HEROKU_APP \
  --heroku-token=HEROKU_TOKEN

You can configure these environment variables in .env or whatever you use, so that heroku-dnsimple-cert will use them by default:

DNSIMPLE_TOKEN=
DNSIMPLE_ACCOUNT_ID=
DNSIMPLE_DOMAIN=
DNSIMPLE_COMMON_NAME=
HEROKU_TOKEN=
HEROKU_APP=

At this point, you can verify that your application is serving your certificate by running:

openssl s_client -connect <dns target>:443 -servername <your domain>
# e.g. openssl s_client -connect www.example.com.herokudns.com:443 -servername www.example.com

Auto-renewal

To enable certificate renew for Rails applications:

  • Add gem "heroku_dnsimple_cert" into Gemfile
  • Setup required env variables on Heroku
  • Add Daily Job to Heroku Scheduler: if [ "$(date +%d)" = 01 ]; then bin/rake heroku_dnsimple_cert:update; fi

Develop

  • bin/build checks your specs and runs quality tools
  • bin/quality based on RuboCop
  • .rubocop.yml describes active checks

Credits

Ruby Base is maintained by Timur Vafin. It was written by Flatstack with the help of our contributors.