How To Update Intermediate SSL Cert on Heroku


How to update an SSL cert that needs to use an intermediate cert in order to be trusted.


Some SSL Certs need to use an intermediate cert in order for the SSL Certs to be considered trusted. The popular DNS Provider GoDaddy is an example of this.

Adding your SSL cert for the first time

If you are adding the SSL cert to your Herokuapp for the first time you can use the heroku certs:add command which allows you to add the intermediate cert as the fist argument in the command as documented here. EG:

heroku certs:add intermediary.crt server.crt server.key

Updating your cert in the future

There are some caveats regarding updating your SSL cert with an intermediate cert;

In general, the easiest method to update an SSL cert is to use heroku certs:update as documented here, but this command does not allow you to add the additional argument for the intermediate cert (intermediary.crt) and will result in an error. To get around this:

Concatenate the new cert and the intermediary cert together into a single cert file and then use the heroku certs:update command to update the cert. EG:

cat example-cert.crt example-intermediate-cert.crt > example-cert-bundle.crt

Note: you may need to apply the necessary permissions on the newly created cert file, before updating it on Heroku. EG:

chmod 775 example-cert-bundle.crt

Alternative options

  1. Remove the old cert, and add the new cert (along with the intermediate cert) as outlined above in the "Updating your cert for the first time" section. Once this is done make any other necessary updates, if necessary (like updating the domains to point to the new cert). See:

  2. Update certs via the Platform API endpoint ssl-endpoint update;

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support