I use Cloudflare, but also want to use ACM. Is it possible to use both of these products together?
It is possible to use Cloudflare with Automated Certificate Management. Please follow the procedure below.
Make sure ACM is disabled on Heroku
Add the custom domain to the app:
$ heroku domains:add www.example.com
Adding www.example.com to example-app... done
Configure your app's DNS provider to point to the DNS Target whispering-willow-5678.herokudns.com.
For help, see https://devcenter.heroku.com/articles/custom-domains
Configure Cloudflare. Add a CNAME record with the subdomain (www in this example, use @ for the root domain) as "Name" and the DNS Target (whispering-willow-5678.herokudns.com in this example) as the "Domain name".
Disable HTTPS redirects on Cloudflare temporarily. If you're using HTTPS redirects on Cloudflare, you'll need to disable them temporarily at this point in the process. ACM will not be set up properly if HTTPS redirects are on while the ACM setup is in progress, because ACM relies on a third-party Certificate Authority called Let's Encrypt, and their HTTP challenge requires port 80. Once ACM has been set up successfully, you can turn HTTPS redirects back on.
Enable ACM:
$ heroku certs:auto:enable
After a while, a TLS certificate is generated for your app's custom domains. A status of Cert issued means that ACM succeeded. This might take a couple of minutes and there's no way around this. With SSL Mode "Full (strict)", Cloudflare verifies the domain using the TLS certificate provided with ACM. Client programs accessing the custom domain see the TLS certificate provided by Cloudflare.
Note there is little need to have an SSL certificate on Heroku if you use Cloudflare - instead, you should consider generating a Cloudflare Origin SSL certificate and turning off ACM. See the setup guide here on how to do this.
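A pre-flight check for the HTTPS-redirect step in the procedure, as an added example that is not part of the original article: it requests a path under the standard ACME HTTP challenge location over port 80 and reports whether the response redirects to HTTPS. The function names and the `preflight-test` token are hypothetical.

```shell
#!/bin/sh
# Added example: run before `heroku certs:auto:enable` to confirm that
# plain HTTP on port 80 is not being redirected to HTTPS.

# Reads raw response headers (as printed by `curl -sI`) on stdin and prints:
#   redirect-https  3xx response whose Location is an https:// URL
#   no-response     no HTTP status line was received
#   ok              anything else
classify_http_response() {
    awk '
        BEGIN { status = 0; loc = "" }
        { sub(/\r$/, "") }                      # strip CR from CRLF endings
        NR == 1 && /^HTTP\// { status = $2 + 0; next }
        tolower($1) == "location:" { loc = tolower($2) }
        END {
            if (status == 0)
                print "no-response"
            else if (status >= 300 && status < 400 && loc ~ /^https:\/\//)
                print "redirect-https"
            else
                print "ok"
        }'
}

# Probes the domain over port 80 without following redirects.
check_domain() {
    domain=$1
    # Hypothetical token; any path under /.well-known/acme-challenge/ works.
    url="http://$domain/.well-known/acme-challenge/preflight-test"
    result=$(curl -sI --max-time 10 "$url" | classify_http_response)
    case $result in
        redirect-https)
            echo "$domain: port 80 redirects to HTTPS; disable the redirect first" >&2
            return 1 ;;
        no-response)
            echo "$domain: no HTTP response on port 80" >&2
            return 2 ;;
    esac
    echo "$domain: no HTTPS redirect on port 80"
}

# Usage: check_domain www.example.com && heroku certs:auto:enable
```

A 404 for the probe path is expected and counts as `ok`; only the redirect matters here.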