Apps using CloudFlare, a custom domain with an
herokudns.com endpoint and no custom SSL certificate will see a "Error 525 - SSL handshake failed" message.
Since December 2016 all newly provisioned apps will use
herokudns.com endpoints by default. https://devcenter.heroku.com/changelog-items/1060
This issue with CloudFlare occurs when the following conditions are satisfied:
- app has a custom domain
- app does not have a custom SSL certificate (therefore defaults to using
- "SSL Full (Strict)" is enabled on CloudFlare
If you need "SSL Full" communication between your app and Cloudflare you will need to specify the
appname.herokuapp.com domain (instead of the
herokudns.com equivalent) as the CloudFlare backend, in order to use the free
*.herokuapp.com certificate. If this isn't possible for some reason you will need to add a custom certificate to the app to handle requests for custom domains https://devcenter.heroku.com/articles/ssl The error occurs because a
https request for a custom domain defaults to using the
*.herokuapp.com certificate causing a certificate mismatch error.