Hacker News new | ask | show | jobs
by grapehut 3819 days ago
That's not true, when you setup crypto in cloudflare you need pick between "Full SSL (Strict)" which requires a valid certificate, and "Full SSL (non-strict)" which allows you to use a self-signed certificate or what not, but there's no reason you should be using that mode if you already have a valid certificate (as is the heroku case).
1 comments
icebraining 3819 days ago
"Full SSL (Strict)" doesn't work with the certificate provided for free by Heroku:

  By default Heroku offers a wildcard SSL certificate which only covers
  ‘*.herokuapp.com’. This means that ‘Full SSL’ can be utilized as a default,
  which does not require that the SAN contains your FQDN. To utilize
  Full (Strict) you will need to add your own SSL certificate to your
  Heroku app, which can be done by using their ‘SSL Endpoint’ add-on.
https://support.cloudflare.com/hc/en-us/articles/205893698-C...
link