Announcing Free and Automated SSL Certs For All Paid Dynos

We are happy to announce the general availability of Automated Certificate Management (ACM) for all paid Heroku dynos. With ACM, the cumbersome and costly process of provisioning and managing SSL certificates is replaced with a simple experience that is free for all paid Dynos on Heroku’s Common Runtime. Creating secure web applications has never been more important, and with ACM and the Let’s Encrypt project, never easier.

ACM handles all aspects of SSL/TLS certificates for custom domains; you no longer have to purchase certificates, or worry about their expiration or renewal. ACM builds directly on our recent release of Heroku Free SSL to make encryption the default for web applications...

Read more →

How We Sped up SNI TLS Handshakes by 5x

During the development of the recently released Heroku SSL feature, a lot of work was carried out to stabilize the system and improve its speed. In this post, I will explain how we managed to improve the speed of our TLS handshakes by 4-5x.

The initial reports of speed issues were sent our way by beta customers who were unhappy about the low level of performance. This was understandable since, after all, we were not greenfielding a solution for which nothing existed, but actively trying to provide an alternative to the SSL Endpoint add-on, which is provided by a dedicated team working on elastic load balancers at AWS. At the same time, another of the worries we had was to figure out how...

Read more →

SSL Is Now Included on All Paid Dynos

Encrypted communication is now the norm for applications on the Internet. At Heroku, part of our mission is to spread encryption by making it easy for developers to setup and use SSL on every application. Today we take a big step forward in that mission by making Heroku SSL generally available, allowing you to easily add SSL encryption to your applications with nothing more than a valid SSL certificate and custom domain.

Heroku SSL is free for custom domains on Hobby dynos and above and relies on the SNI (“Server Name Indication”) extension which is now supported by the vast majority of browsers and client libraries. The current SSL endpoint will remain available for the increasingly rare...

Read more →

Announcing Heroku Free SSL Beta and Flexible Dyno Hours

Editor's Note: SSL Is Now Included on All Paid Dynos as of September 22, 2016

At Heroku, we want to make it easy for everyone to be able to learn and explore our service, and the related ecosystem of technologies, for free - be it student, professional developer, hobbyist or just curious individual. We view this as both part of our mission and our business model; it has never been a more interesting - or important - time to be a developer, and we want to help everyone become one.

Today we are announcing two important updates to help bring us closer to that goal: a new and free SSL service and a more flexible way to use free dyno hours. Heroku SSL is being introduced as beta today, and...

Read more →

SSL Hostname Add-on Public Beta

Ever since we launched the current IP-based solution at $100/month in response to customer demand, we have been pursuing a cheaper and more elegant solution for SSL with custom certificates on Heroku.

Today, we’re happy to announce the public beta of a new SSL add-on that accomplishes this goal. It’s called ssl:hostname, and is priced at $20/month. This new add-on will allow you enable SSL traffic to your application on any subdomain, such as or, using your own SSL certificate. Note that this is a paid beta, and you will be charged for using the add-on through the beta period.

Full docs are available here. You can install it via the heroku...

Read more →

Browse the blog archives, subscribe to the full-text feed, or visit the engineering blog.