Free HTTPS for Django project on Heroku

HTTPS is an important option for modern websites. With free SSL certificates from Let's Encrypt there is no excuses do not use it.

First of all, you have to need download Certbot install script:

$ wget

Give the permission for the file execution

$ chmod a+x ./certbot-auto

Then run it:

$ ./certbot-auto certonly --manual

The script will install all necessary packages and run certbot. Now you need to answer for a list of questions.

Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel):

Please read the Terms of Service at You must agree
in order to register with the ACME server at
(A)gree/(C)ancel: a
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
(Y)es/(N)o: y
Please enter in your domain name(s) (comma and/or space separated)
(Enter 'c' to cancel)

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?

Than you'll see something like that:

Make sure your web server displays the following content at before continuing:


This is a necessary to prove that you are the owner of the domain. And this part requires some changes in your application code. Add the next two lines to your settings module:


Then add the next lines to the main

if settings.LETSENCRYPT_URL:
    from django.http import HttpResponse
    urlpatterns += [
            lambda r: HttpResponse(settings.LETSENCRYPT_RESPONSE, content_type='text/plain'),

Now you need to setup environment variables LETSENCRYPT_URL and LETSENCRYPT_RESPONSE and restart the project dynos.

Heroku vars

Heroku restart all dynos menu

Heroku restart dynos dialog

Wait a few seconds for verification and the next message will be appeared:

web app
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ Your cert will expire on XXXX-XX-XX. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          

Now you can use the files fullchain.pem and privkey.pem for Heroku.

Heroku Domains and certificates

Heroku configure ssl 1

Heroku configure ssl 2

And the last, do not forget to change your DNS:

Heroku configure ssl 3