If you've kept up till now with this series your application is hopefully/mostly functional on your home server with Heroku hosting its' backend API but you keep getting an error of
Fear not! This is a pretty common SSL error during the loading of a website that, in most cases, is due to certificate misconfiguration on a server or lack of a certificate on a server.
At this point of this process this error actually makes since because
- I actually haven't configured any SLL yet.
- A new server is not automatically configured to have a HTTPS certificate.
- Specific to my case, this error occurs because I am pointing my local DNS to the generic herokuapp.com Heroku endpoint, which is not able to be certified for my local server.
To fix this error we have a few things we could do:
- Create our own self-signed Certificate and configure Heroku to accept it specifically for testing.
- Use the SSL host name provided by Heroku for purchase: "herokudns.com" or "herokussl.com" depending on your setup.
- Get a Certificate from a Trusted Certificate Authority; which is very similar to the Heroku specific SSL host names, but through different third parties.
For this part of the series I will be showing how I created my own self-signed certificate on my server that I will be using when I set up my backend API in the next part of this series.
So you want to create your own Certificate and configure it for testing. It's great to lean about how this is done as certificates are and important part of the encryption process of HTTPS. It should be noted that there is some not-so-pretty math involved with encryption and should really be left to the experts in a production environment; so take this all with a grain of salt as I am no encryption expert. As for me, I am just curious to see how a general certificate is made and signed so here is how I did it and the tutorial I used to get around configuring Heroku.
mod_sslmodule on Apache by running the command
sudo a2enmod ssl.
mod_sslis an Apache module that provides support for SSL encryption.
- Restart the Apache Service on the server with
sudo systemctl restart apache2.
- Create the SSL certificate by running
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt. Once run this command will prompt you for some basic information about your site/company like this image.
- You can name the cert anything but I was following the tutorial so I left it as "apache-selfsigned".
reqflag is like "request" with a 'Q' and not a 'G'. This caught me up when setting up mine.
Now that the Apache module is enabled and the certificate is created Apache needs to be configured to use SSL. To do this you will need to modify the application's
conf file and redirecting any HTTP requests to HTTPS.
sudo nano /etc/apache2/sites-enabled/etcpasswdapp.confto open the apps
conffile for editing.
- Add the SSL configuration to the file below the "DocumentRoot" section. Yours will look similar as the image below, but with whatever you named your cert.
- While still in the
conffile add in a second
<VirtualHost>at the bottom to separate out requests for HTTPS requests on port 443 and HTTP requests on port 80. As shown below, you can see that the second
<VirtualHost>for port 80 has a redirect option in it that will take any traffic from an HTTP request to your site and redirect it to the HTTPS address.
- Save the file and exit the editor.
- Restart the Apache service by running
systemctl restart apache2.
After all this is set up you still might have some issues with your browser giving you an error about the site being self-signed and is not safe. This is bad for a production site but for development it's fine for now because the only way to fix this is to get a official signed certificate for a Certificate Authority like Cloudflare. To get around this now click on the "advanced" and tell the browser you are in that it is safe.
Now with the app functional with Heroku hosting its API, it's now time to migrate the API and database into the server.