heroku / roadmap

This is the public roadmap for Salesforce Heroku services.

Support ACM and manual SSL certs on Eco Dynos #125

Closed coreyhaines closed 9 months ago

coreyhaines commented 1 year ago

Required Terms

What service(s) is this request for?

Heroku dynos

Tell us about what you're trying to solve. What challenges are you facing?

I would like to see ACM and manual SSL certs supported on eco dynos. Considering the security implications of non-ssl-secured sites, plus the ease of access using Let's Encrypt, not supporting SSL feels like it is opening up a new floodgate of insecure sites being built.

friism commented 1 year ago

Thanks for opening this issue. Note that manually obtained and uploaded certificates do work with Eco apps, it's only Automated Certificate Management (ACM) that's not available (after posting this comment I'm going to tweak the issue description to reflect this).

Having said that, I think I agree that we should endeavor to make ACM available to Eco apps too.

friism commented 1 year ago

Sorry, I made a mistake - manually uploaded certificates are not supported with Eco apps. My previous comment still stands though: this is something we'd like to enable.

gailfrederick commented 1 year ago

I ran into this use case today with an app I run on an eco dyno for a side project. SSL is enabled for eco dynos using the default .herokuapp.com DNS name, because Heroku has a wildcard cert for *.herokuapp.com. So, I think the use case here is for eco dynos using custom DNS names. Those cannot use either ACM or manual certificates today.

KWW-BeeLine commented 1 year ago

+1

I have spent decades doing development and support for low bandwidth NGO's around the world, and after learning today of this nonsense Heroku tax on poor people (no SSL cert for you unless you pay Heroku too much for services you don't need silly poor NGO, just get more money!) I will STRONGLY recommend against ever using Heroku to all my clients going forward and will be working with existing clients to remove them from Heroku ASAP.

There is NO REASON that a site shouldn't be able to use a free Let's Encrypt cert other than corporate greed. SHAME ON YOU HEROKU.

If you are considering a Heroku deployment: DON'T DO IT: contact me direct and I'll point you to options that don't fleece poor people.

ncomet commented 1 year ago

> +1
>
> I have spent decades doing development and support for low bandwidth NGO's around the world, and after learning today of this nonsense Heroku tax on poor people (no SSL cert for you unless you pay Heroku too much for services you don't need silly poor NGO, just get more money!) I will STRONGLY recommend against ever using Heroku to all my clients going forward and will be working with existing clients to remove them from Heroku ASAP.
>
> There is NO REASON that a site shouldn't be able to use a free Let's Encrypt cert other than corporate greed. SHAME ON YOU HEROKU.
>
> If you are considering a Heroku deployment: DON'T DO IT: contact me direct and I'll point you to options that don't fleece poor people.

I agree that security should never be a trade-off. That's a major deal breaker for companies, hope it will change soon.

andre5oto commented 1 year ago

This is the type of feedback we like to see to help us set priorities for our project backlog. We will begin discussions with internal teams for assignment, planning and scheduling of this work.

asaganda commented 1 year ago

So for apps deployed on eco dynos, there isn't a method to get a secure connection via SSL cert?

ncomet commented 1 year ago

> So for apps deployed on eco dynos, there isn't a method to get a secure connection via SSL cert?

Precisely. Hard to believe, right? Please upvote the first comment to send a signal.

asaganda commented 1 year ago

After I left my comment, I came to realize that my other apps on Heroku's eco dyno have a secure connection and run as expected.

mryurii commented 1 year ago

+1 it's a bummer 🙄

andre5oto commented 10 months ago

Quick update: the work to enable ACM and manual certs on Eco is coming along with an anticipated release in the coming weeks.

vivekvj01 commented 9 months ago

Hi,

To provide an update, we are actively working on this feature. Please stay tuned this month.

vivekvj01 commented 9 months ago

We have released this today.

ncomet commented 9 months ago

> We have released this today.

You rock 🤘 thanks a lot!

xavdid commented 2 months ago

The pricing page still implies that "Free SSL" is only available on basic dynos, not eco ones:

[image]

Is that just a matter of the docs being out of date?