9

I have a Heroku app with a free account. I also have a free account in Cloudflare.

I am trying to connect them with a Full SSL connection. In Cloudflare, I see the following state:

[two screenshots]

However, I can't access my website with a secure connection. I am getting an error 525: [screenshot]

I think the problem is with the settings in Heroku but I can't find much information online...

Any suggestions?

Poogy

4 Answers

8

Use the app URL (appname.herokuapp.com) as CNAME value instead of the domain generated by Heroku.

Resource: https://help.heroku.com/GVS2BTB5/why-am-i-getting-error-525-ssl-handshake-failed-with-cloudflare-when-using-a-herokudns-com-endpoint

Vincent Liong
  • From Review: Welcome to Stack Overflow! While links are a great way of sharing knowledge, they won't really answer the question if they get broken in the future. Add to your answer the essential content of the link which answers the question. In case the content is too complex or too big to fit here, describe the general idea of the proposed solution. Remember to always keep a link reference to the original solution's website. See: [How do I write a good answer?](https://stackoverflow.com/help/how-to-answer) – sɐunıɔןɐqɐp Oct 08 '18 at 07:05
  • Doc does not encourage this anymore. – Hamdan Oct 16 '19 at 03:03
6

In the Crypto settings on Cloudflare under SSL, change your value from Full SSL to Flexible.

Anthony
2

These days you have to follow this document: https://support.cloudflare.com/hc/en-us/articles/205893698-Configure-Cloudflare-and-Heroku-over-HTTPS

I encountered the same thing and just recently set up this SSL for Cloudflare to Heroku. This is what I had to do.

  1. Add your domain in Heroku. For this example I'll say my domain is test.com. In Heroku each domain will give you some random herokudns domain value for your domain used. You will need the www and @ domains added. So in Heroku you should see www.test.com and test.com, each one corresponding to one of Heroku's herokudns domains.

  2. Add the CNAMEs into Cloudflare and use the herokudns domains you were provided:

    CNAME www heroku-domain-given1

    CNAME @ heroku-domain-given2

  3. Create origin certs in Cloudflare and upload these into Heroku under their SSL settings. Make sure you do not pick the enable ACM setting but the upload manual cert setting. This is how the SSL handshake is verified between Cloudflare and Heroku. Reference: Workaround for Heroku no longer supporting SSL behind Cloudflare ("Strict TLS in CDN not supported")?

0

Have you tried connecting directly to the host with SSL?

Perhaps try running SSL Labs https://www.ssllabs.com/ssltest/analyze.html?d=YOUR-DOMAIN-HERE&latest to view which ciphers are supported etc.

I wonder if the Cloudflare proxy to the host supports server name indication (SNI), since I presume that on the host end (Heroku) you don't have a dedicated IP.

David
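Following the last answer's suggestion to connect directly to the host with SSL, here is an added example (not part of any answer above) that opens a TLS connection to the origin endpoint while sending the custom domain as SNI, first without and then with certificate validation. The function names `probe_origin` and `diagnose` are hypothetical, and the endpoint and domain in the final call are the placeholders used in the third answer.

```python
import socket
import ssl


def probe_origin(endpoint, sni, port=443, timeout=5.0, verify=False):
    """Open a TLS connection to `endpoint`, sending `sni` as the server name.

    verify=False only checks that a handshake completes at all;
    verify=True also validates chain and hostname against the system trust store.
    """
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    result = {"endpoint": endpoint, "sni": sni, "verified": verify, "ok": False}
    try:
        with socket.create_connection((endpoint, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                result.update(ok=True, protocol=tls.version(), cipher=tls.cipher()[0])
    except OSError as exc:  # ssl.SSLError, timeouts and resets are all OSError
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


def diagnose(endpoint, sni, port=443, timeout=5.0):
    """Summarise what the origin offers when asked for `sni`."""
    plain = probe_origin(endpoint, sni, port, timeout, verify=False)
    if not plain["ok"]:
        # No handshake at all: the condition Cloudflare reports as error 525.
        return "handshake fails (" + plain["error"] + ")"
    strict = probe_origin(endpoint, sni, port, timeout, verify=True)
    if strict["ok"]:
        return "handshake ok, publicly trusted certificate for " + sni
    return "handshake ok, certificate not publicly trusted (" + strict["error"] + ")"


if __name__ == "__main__":
    # Placeholders from the answer above: substitute your own Heroku DNS
    # target and custom domain before running.
    print(diagnose("heroku-domain-given1", "www.test.com"))
```

A Cloudflare origin certificate is signed by Cloudflare's own CA rather than a public one, so "certificate not publicly trusted" is the expected result after step 3 of the third answer.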