SSL on wildcard subdomains with CloudFlare and Heroku

I am working on a Ruby on Rails SaaS application with a custom subdomain for each company. When a company signs up, the user is redirected to his subdomain.myapp.io.

The application is hosted on Heroku, and DNS is hosted on CloudFlare. I use the free SSL feature provided by CloudFlare, which works as expected for https://myapp.io.

My problem is with SSL activity for subdomains. I wonder if this is possible without buying a wildcard SSL certificate.

Configure CloudFlare DNS:

myapp.io. 300 IN CNAME myapp.herokuapp.com.
*.myapp.io. 300 IN CNAME myapp.herokuapp.com.

Setting up Heroku domains:

myapp.io
*.myapp.io

This works, but without SSL on the subdomains. You cannot use CloudFlare features (such as SSL Full) for wildcard subdomains (except for Enterprise users).

It seems to me that I need to buy an SSL wildcard certificate for my domain ($115 per year) and add the Endpoint Heroku SSL add-in ($7/month). Am I wrong?

+5
1 answer

Short answer:
You cannot have a free SSL wildcard (full protection) for subdomains in CloudFlare (free plan).

Long answer:
I mean, using wildcard with CloudFlare (free plan), CloudFlare proxy protection and acceleration are skipped (not orange cloud), so your source server SSL certificate will be used instead. Therefore, to enable SSL, you need to add a CNAME record for each subdomain (the cloud icon should be orange).

Example:
foo.myapp.io. 300 IN CNAME myapp.herokuapp.com.
bar.myapp.io. 300 IN CNAME myapp.herokuapp.com.

(You do not need to add entries for custom domains in Heroku if you already have *.myapp.io)

[EDIT]
Maybe you can add DNS records dynamically through the CloudFlare API (https://api.cloudflare.com/#dns-records-for-a-zone-create-dns-record)
(I have not tried this ...)

Temporary solution:

As you said:

Hope this helps.

+4
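
The per-subdomain approach from the answer's [EDIT], as an added Ruby example that is not part of the original question or answer: it validates the tenant-chosen label before it reaches DNS and builds the CloudFlare API v4 request for a proxied CNAME record. The reserved-name list and the function names are assumptions, and the zone ID and API token are supplied by the caller.

```ruby
require "json"
require "net/http"
require "uri"

# Assumptions for this example (not from the original post):
APEX     = "myapp.io"              # zone named in the question
TARGET   = "myapp.herokuapp.com"   # CNAME target named in the question
RESERVED = %w[www api admin mail].freeze # hypothetical labels tenants may not claim

# One RFC 1123 DNS label: 1-63 chars, letters/digits/hyphen, no hyphen at either end.
LABEL_RE = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/

# Normalise and validate a tenant-chosen subdomain; returns the label or nil.
# Rejecting dots and "*" keeps signup input from creating nested or wildcard records.
def tenant_label(input)
  label = input.to_s.strip.downcase
  return nil unless LABEL_RE.match?(label)
  return nil if RESERVED.include?(label)
  label
end

# Build (but do not send) the create-DNS-record request for one tenant.
def build_cname_request(zone_id, api_token, input)
  label = tenant_label(input) or raise ArgumentError, "invalid subdomain: #{input.inspect}"
  uri = URI("https://api.cloudflare.com/client/v4/zones/#{zone_id}/dns_records")
  req = Net::HTTP::Post.new(uri)
  req["Authorization"] = "Bearer #{api_token}"
  req["Content-Type"]  = "application/json"
  req.body = JSON.generate(
    type: "CNAME", name: "#{label}.#{APEX}", content: TARGET,
    ttl: 1,        # 1 = automatic TTL
    proxied: true  # orange cloud, so CloudFlare terminates TLS for this host
  )
  req
end

# Send the request over verified TLS; returns true when the API reports success.
def create_tenant_record(zone_id, api_token, input)
  req = build_cname_request(zone_id, api_token, input)
  res = Net::HTTP.start(req.uri.host, req.uri.port, use_ssl: true) { |h| h.request(req) }
  res.is_a?(Net::HTTPSuccess) && JSON.parse(res.body)["success"] == true
end
```

Use an API token scoped to DNS edit on this one zone and read it from the environment rather than committing it with the application code.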