Heroku SSL主机无法正常工作(Heroku |没有这样的应用程序)

时间:2016-06-04 21:13:36

标签: ssl heroku

我成功使用Letsencrypt生成证书,并使用以下方法将它们上传到Heroku:

this-site ********$ heroku addons:create ssl:endpoint
Creating ssl-graceful-41756... done, ($20.00/month)
Adding ssl-graceful-41756 to this-site... done
Next add your certificate with `heroku certs:add CERT KEY`.
Use `heroku addons:docs ssl` to view documentation.

this-site ********$ sudo heroku certs:add /etc/letsencrypt/live/www.this-site.com/fullchain.pem /etc/letsencrypt/live/www.this-site.com/privkey.pem
Resolving trust chain... done
Adding SSL Endpoint to this-site... done
this-site now served by qwasf-34234.herokussl.com
Certificate details:
Common Name(s): www.this-site.com
Expires At:     2016-09-02 19:15 UTC
Issuer:         /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Starts At:      2016-06-04 19:15 UTC
Subject:        /CN=www.this-site.com
SSL certificate is verified by a root authority.

然而,当我访问qwasf-34234.herokussl.com时,它无效。它有一个页面说:Heroku |没有这样的应用;该主机名没有配置应用程序。 也许应用程序所有者已将其重命名,或者您错误输入了该网址。

我正在复制并粘贴heroku给我的确切新主机。转到https://qwasf-34234.herokussl.com会产生相同的页面。

我通过以下方式验证了证书:

this-site ********$ heroku certs
Endpoint                    Common Name(s)         Expires               Trusted
--------------------------  ---------------------  --------------------  -------
qwasf-34234.herokussl.com  www.this-site.com  2016-09-02 19:15 UTC  True

更多检查:

this-site *******$ curl -kvI https://www.this-site.com
* Rebuilt URL to: https://www.michaelsutyak.com/
*   Trying 23.21.142.230...
* Connected to www.this-site.com (23.21.142.230) port 443 (#0)
* TLS 1.2 connection using TLS_********************
* Server certificate: *.herokuapp.com
* Server certificate: DigiCert ******
* Server certificate: DigiCert *******
> HEAD / HTTP/1.1
> Host: www.this-site.com
> User-Agent: curl/7.43.0
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: Cowboy
Server: Cowboy
< Connection: keep-alive
Connection: keep-alive
< Vary: Accept-Encoding
Vary: Accept-Encoding
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< Date: Sat, 04 Jun 2016 20:57:00 GMT
Date: Sat, 04 Jun 2016 20:57:00 GMT
< Via: 1.1 vegur
Via: 1.1 vegur

< 
* Connection #0 to host www.this-site.com left intact

这里发生了什么,这怎么办?我只想为我的网站https。

2 个答案:

答案 0 :(得分:1)

您无法直接访问Heroku SSL端点。该端点表示您需要将域指向的主机名,如Heroku文章的DNS and domain configuration中所述。

如果要指向子域(例如www.this-site.com),请在DNS托管提供商中创建DNS记录CNAME,将www记录指向Heroku SSL端点:

www CNAME qwasf-34234.herokussl.com

如果要指向根域(this-site.com),则需要使用支持根域的CNAME类记录的提供,explained in this Heroku articleyou can't use a CNAME for the root domain

确保您的域名仍未指向herokuapp.com主机名。

您可以通过向SSL端点发送cURL请求来测试我的断言,但是传递Host标头(如浏览器所做的那样)。

$ curl -i qwasf-34234.herokussl.com -H "Host: www.this-site.com"

答案 1 :(得分:0)

您无法访问Heroku为您提供的qwasf-34234.herokussl.com域名。相反,您应该将DNS更改为指向CNAME,而不是qwasf-34234.herokuapp.com