Announcing Free and Automated SSL Certs For All Paid Dynos

Listen to this article

We are happy to announce the general availability of Automated Certificate Management (ACM) for all paid Heroku dynos. With ACM, the cumbersome and costly process of provisioning and managing SSL certificates is replaced with a simple experience that is free for all paid Dynos on Heroku’s Common Runtime. Creating secure web applications has never been more important, and with ACM and the Let’s Encrypt project, never easier.

ACM handles all aspects of SSL/TLS certificates for custom domains; you no longer have to purchase certificates, or worry about their expiration or renewal. ACM builds directly on our recent release of Heroku Free SSL to make encryption the default for web applications and helps you protect against eavesdropping, cookie theft, and content hijacking. Heroku has always made it easy to add SSL encryption to web applications — today’s release of ACM extends that further to automatically generate a TLS certificate issued by Let’s Encrypt for your application’s custom domains.

Every time you upgrade from a Free dyno to a Hobby or Professional dyno, we will automatically generate a TLS certificate for all custom domains on your application. You will need to ensure that your application’s custom domains are pointed to the correct DNS targets as specified in heroku domains .

For existing applications, you can enable ACM by simply going to your application’s settings page and clicking the “Configure SSL” button.

Or you can run the CLI command:

$ heroku certs:auto:enable -a <app name>

If your application was not using Heroku SSL, update your DNS settings for your custom domain to its new DNS target and run heroku domains to verify.

Run the following to verify whether your application’s domains are covered by Automated Certificate Management:

$ heroku certs:auto

For more details, including how to migrate from the SSL endpoint add-on, please see our Dev Center documentation.