Our existing SSL certificate is about to expire, and so we're trying to install a new one. However, the instructions on Heroku are lacking...
To create the bundle, you're supposed to concatenate a bunch of intermediate cert files together in the correct order. Example on Heroku:
$ cat EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt > bundle.pem
(https://devcenter.heroku.com/articles/ssl-certificate-dnsimple)
We received a different set of files:
How should they be concatenated? Is this correct?:
$ cat (www_our_domain).crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > bundle.pem
I'm assuming we don't need to provision another SSL endpoint, we just update the one we have...
$ heroku certs:add server.crt server.key bundle.pem
(https://devcenter.heroku.com/articles/ssl-endpoint#provision-the-add-on)
But it's unclear to me what happens to the old certs the add-on was originally provisioned with. Are they overwritten? Do they need to be removed?
How should they be concatenated? Is this correct?:
If you supply the 3 files server.crt server.key bundle.pem, you can skip (www_our_domain).crt in the bundle. Otherwise, simply supply a server.crt and a server.key:
$ cat (www_our_domain).crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > server.crt
I'm assuming we don't need to provision another SSL endpoint, we just update the one we have...
To update a certificate use heroku certs:update, not heroku certs:add. See the official docs.
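One way to check the concatenation order discussed above before uploading, as an added example that is not part of the original question or answer. It assumes the openssl command-line tool is installed; the function name check_chain_order is hypothetical, and it compares subject and issuer names only (leaf first, root last), without verifying signatures.

```shell
# Added example. Checks name chaining only (issuer of cert N == subject of
# cert N+1); it does not verify signatures or expiry dates.
# Exit status: 0 = ordered, 1 = out of order, 2 = no certificates found.
check_chain_order() (
    bundle=$1
    tmp=$(mktemp -d) || exit 2
    # Split the bundle into one file per certificate: cert-1.pem, cert-2.pem, ...
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside { print > (dir "/cert-" n ".pem") }
        /-----END CERTIFICATE-----/   { inside = 0 }
    ' "$bundle"

    i=1; status=0; prev_issuer=
    while [ -f "$tmp/cert-$i.pem" ]; do
        cert=$tmp/cert-$i.pem
        subj_hash=$(openssl x509 -in "$cert" -noout -subject_hash)
        printf '%d: %s\n' "$i" "$(openssl x509 -in "$cert" -noout -subject)"
        # The previous certificate must have been issued by this one.
        if [ "$i" -gt 1 ] && [ "$subj_hash" != "$prev_issuer" ]; then
            echo "   out of order: cert $((i - 1)) was not issued by this subject" >&2
            status=1
        fi
        prev_issuer=$(openssl x509 -in "$cert" -noout -issuer_hash)
        i=$((i + 1))
    done
    [ "$i" -gt 1 ] || status=2    # no certificates found in the file
    rm -rf "$tmp"
    exit "$status"
)
```

Run it as `check_chain_order server.crt` (or on bundle.pem); a non-zero exit status means the files were concatenated in the wrong order or the file holds no certificates.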