Custom domain SSL for a small project is not cheap
Although Heroku offer free piggyback SSL (ex. https://[yourDomain].herokuapp.com), SSL for your custom domain (ex. https://[yourDomain].com) costs $20/month.
I've only looked at a few other alternatives but they offer the same if not more expensive options.
A basic trusted SSL cert goes for ~$10/year, which is okay.
Adding SSL was a good experience but I will most likely drop it after the first month and redirect the sign up and sign in to the free piggyback version.
Does anyone know the drawbacks to this?
Written by Roger Lam
Related protips
4 Responses
Hey did you ever get an answer to this? I am very curious as well.
Thanks man!
Unfortunately, no.
My best guess is by letting Heroku take care of SSL, you dont have to worry about flaws in your own implementation but are relying on Heroku to provide sufficient security.
Not much evidence behind my opinion. Let me know if you find reasons too!
Just faced the same decision, and ended up going with the piggyback SSL. You kind of are answering your own question - if its for a small project, its not worth the cost and the drawback of your users seeing the heroku URL for one or two secure pages is not a deal breaker.
If its a big project...it should be worth the cost.
StartSSL has a free tier, give that a try: https://www.startssl.com/?app=1 #protip
Have a fresh tip? Share with Coderwall community!
