I’ve been meaning to enable HTTPS for my personal site (and all of my others sites too) for some time now. It was always a pain in the ass or the spectre of a pain in the spectre of the ass. And not inexpensive.

Today, I finally did it. It was fairly painless and I’d like to document my process. Hopefully this helps somone in the future (including Future Me).

The three pieces that I care about working together well are: Heroku, LetsEncrypt and DNSimple.

---

Googling for setting up HTTPS using Heroku + LetsEncrypt + DNSimple didn’t much help.

Results were complicated, out of date, incomplete, or only about some combination of those three pieces, but not about all three of them together.

This was my experience on 2016–11–17. If you follow along with me, your mileage may vary. If you come across this post way after the publish date and these steps are wildy obsolete and you want to update them, please email me.

---

During the time since I’ve been wanting to enable HTTPS and finally got around to doing it today, Heroku made their HTTPS offering both free and much each easier, and DNSimple added a simple integration with LetsEncrypt. LetsEncrypt is totally free, so the expense of it was no longer part of the deterrant.

---

LetEncrypt

LetsEncrypt is the certificate authority in this setup. They exist. They do stuff. But for the sake of my experience, I did not interact with LetsEncrypt directly at all. (And I think that’s part of their goal, to be this piece of infrastructure that you use indirectly at a higher level, like say via your DNS provider.)

DNSimple

DNSimple is a DNS provider. They don’t host websites or database or anything like that. They make DNS management for my websites dead simple. Google Apps setup, one click. GitHub Pages, Heroku, AWS, one click.

At their core though, like all DNS providers, they connect a domain name, like example.com, to the computer where that website is served from, like an IP address or another domain name. Like, say, over on Heroku.

Heroku

I host all of my apps/site that are built with Ruby on Rails on Heroku. You can also host apps built in other languages and frameworks on Heroku. They’re a “Platform as a Service”. What that means for me, is that I focus on building my app in Rails and not worrying about how to install and scale up/down my Postgres database or whatever.

Heroku provides free HTTPS by default for all apps at their *.herokuapp.com subdomain. But that doesn’t help me in this case, because part of #indieweb ethos is to own your domain.

---

Setup

I use example.com all through this post. Any where I use example.com, you should change that to your actual domain. For example, my actual domain was veganstraightedge.com. Good luck!

1. Heroku: Use a Paid Dyno

SSL stuff is built in now for all non-free dynos (Heroku’s word for a vm, roughly). Alternately, I think you can use the paid $20/month SSL add-on with free dynos. I can imagine that going away. And either way, it’s net cheaper to pay $7/month for a Hobby dyno and get free SSL.

To migrate your free dyno to a paid dyno (Hobby tier, in this case), you can use this command on the terminal.

https://dashboard.heroku.com/apps/YOUR_USER_NAME

heroku dyno:type free --app YOUR_APP_NAME

OR you can do this through the web interface in your Heroku dashboard.

https://dashboard.heroku.com/apps/YOUR_APP_NAME/resources

2. DNSimple: Create Certs

You need to acquire the actual certs now. Go to your domain in DNSimple. Then click on SSL Certificates. You’ll be on a URL that looks like:

https://dnsimple.com/a/USER_ID/domains/example.com/ssl_certificates

Then click on Acquire an SSL Certificate which will take you to:

https://dnsimple.com/a/USER_ID/domains/example.com/certificates/new

Click on Continue under Let's Encrypt, taking you to:

https://dnsimple.com/a/USER_ID/domains/example.com/certificates/letsencrypt/new

Click the Automatically auto-renew the certificate check box.

Click Create certificate order.

On the confirmation page, click Confirm and request certificate.

Then, wait for the email. It “generally takes 30 minutes”.

3. DNSimple: Download Certs

From the email with the subject of:

SSL certificate www.exampl.com is issued

Click on the like to the certificate page, taking you to a URL that looks like:

https://dnsimple.com/a/USER_ID/domains/example.com/certificates/CERT_ID

Click Install the SSL Certificate.

Expand Heroku section.

Save the certificate bundle to your computer by clicking Download www_rabbleconf_com.pem.

Download the certificate private key by clicking on Download www_rabbleconf_com.key

Right now, before doing anything else, make backups! Copy them to a USB stick (that you trust), a backup hard-drive, whatever. Just put them somewhere else too.

4. Heroku: Add or Update Certs

These are the instructions Heroku CLI commands to run to add new or update existing certs, as copied from the DNSimple docs.

---

Install or Update the certificate on Heroku.

Run the Heroku certs:add command to install the certificate:

heroku certs:add www_example_com.pem www_example_com.key

If you are updating an existing certificate, for example in case of renewal, run the Heroku certs:update command to replace the existing certificate:

heroku certs:update www_example_com.pem www_example_com.key

If you had previously been using the legacy SSL Endpoint add-on, you will need to follow additional steps to upgrade to the new Heroku SSL system.

Check the certificate at Heroku.

Run the Heroku certs command to check the certificate:

heroku certs

---

All commands above assume that you’re running them from the directly that the Heroku app is in (has a git remote of heroku) and that the keys are also in that directory. DO NOT LEAVE YOUR KEYS IN THIS DIRECTORY AND ACCIDENTALLY git commit THEM.

If you are running these commands from some directory other than where the Heroku app is, you need to append --app appname to each command (where appname is the name of your Heroku app, which you can get by heroku info from the app directory) to tell Heroku which app to apply the commands to.

5. Local: Move Your Keys

Add all of this is done and you have confirmed that your new certs are in your Heroku app, move your keys to someplace safe. Your public key is fine to share publicly. It’s meant to be, actually. But your private key should be treated like a password, shared with no one and protected at all costs. If it leaks out, or if you think that it could’ve leaked out, you need to go through the steps to issue a new private/public key pair and update your Heroku certs.

6. Heroku: Add example.com and www.example.com to App

Heroku needs to know which domains your app should respond to. It can be one or many. It doesn’t matter. Personally, I prefer the naked or root or Apex domain as the canonical URL.

example.com instead of www.example.com.

I like to redirect all www.example.com requests to example.com. In order to do this, Heroku needs to have both example.com and www.example.com added to your app. It’s easy to do.

Run these two commands from your Heroku app directory.

heroku domains:add example.com
heroku domains:add www.example.com

Instead of example.com in the above commands, you’ll want to use your actual domain.

7. DNSimple: Use the Heroku Service

Meanwhile, back at DNSimple, you need to hook up the Heroku services to your domain.

First, find and click on your domain in your list of domains (or search for it in the search field). You’ll end up at a URL that looks something like.

https://dnsimple.com/a/ID/domains/example.com

Instead of ID, there will be a number that represents your user ID at DNSimple. It’s not important to know what it is, but mine will be different that yours.

In the sidebar, click DNS.

That’ll take your to a URL like:

https://dnsimple.com/a/ID/domains/example.com/dns

From there, under One click services, click Manage services.

Click the Infrastructure tab.

Find, Heroku in the list.

Click the + Add to add the Heroku service to your domain.

When prompted, enter your Heroku app’s name. (Again, that can be found by running heroku info from your Heroku app’s directory.)

Click Complete Heroku setup.

---

Now, you need to do that process again to add the Heroku SSL service to your domain.

Click the Infrastructure tab.

Find, Heroku SSL in the list.

Click the + Add to add the Heroku service to your domain.

When prompted, enter your Heroku app’s name. (Again, that can be found by running heroku info from your Heroku app’s directory.)

Click Complete Heroku setup.

8. Wait to Propagate

So… in theory, you’re done.

In practice, you might have to wait some indetermined amount of time for the DNS to propagate all over the internet, because reasons. But at this point, you can test.

Go to https://example.com. If you get your expected website, great! You did it!

Now, test the www to see if the redirect is working. Go to https://www.example.com. If you get redirected to https://example.com and you get your expected website, great! You did it again!

If not, you might just have to wait. You might also have to debug to find possible mistakes made along the way. Maybe you mistyped something along the wait. Double triple check everything on Heroku and DNSimple to make sure it’s what is expected. And make sure you didn’t copy paste example.com instead of your actual domain.

---

That’s it! Or at least, it was for me. I hope it goes well for you too. Best of luck!

Earlier this year, I redesigned the Indie Web Camp logo. Shortly after that, we (the indieweb community) decided to change the name of the community and idea and matching domain to Indie Web. Going forward, Indie Web Camp would be used just for the events.

I was a part of this decision and still think it was the right thing to do. But the then recently redesigned Indie Web Camp logo was no longer scoped properly to represent more than just the events. We would now need an Indie Web logo.

Simply removing the C from the IWC in the Indie Web Camp logo would leave it imbalanced. The I and C act as counterweights to each other with the pointy bottom bits of W acting as a kind of fulcrum.

I have been thinking about a new new logo for Indie Web to use on the community wiki, as an avatar on social media accounts, etc.

Part of my thinking for this design was to build it in such a way that it could be a part of larger design system for indieweb related things. Namely, I want to design logos for all of the building blocks (IndieAuth, Webmention, Micropub, et al (and maybe even microformats if Dan Cederholm would be ok with it)). I want an Indie Web logo and those building blocks logos to be able to work together in a coherent way.

One day in a Sacramento coffeeshop, I sketched some (mostly) square based logo ideas. I’ve also been drawn to hexagons for the basis of the design system because of how well they stack together.

To that end, tonight I explored a hexagonal logo design using the I from the Indie Web Camp logo and a re-imagined W to better fit into the space of the hexagon and to balance out the I. Then I added the chevron shape across the top sides to fill out the hexagonal space which also creates the illusion of a cube.

This is a first pass. I feel pretty good about it now. But like the Indie Web Camp logo before where we did a few rounds of iterations between the first draft and the final version, I expect that there will be some rounds of feedback and iteration.

As per the usual logo process, color and type treatment will come after the final one color design is finalized.

All discussion about this proposal should take place on the Indie Web community wiki /logo page.

Who is the Indie Web?

The Indie Web is made of people. It’s made by me. It can be made by you too. There’s no gatekeeper. You can join anytime without anyone’s permission. The Indie Web is made by everyone.

The Indie Web community is a small but growing group of people from several countries. We’re on a few but not not continents. We are hiding in plain sight, or rather we’re not hiding at all. We have jobs in tech and not in tech. We build our own software or install other’s (like Wordpress or Known). We are designers, developers, devops, UX and non-technical folks.

The Indie Web community is not as diverse as it could be and needs to be. Admittedly, the community is overwhelmingly white men. There are some women and some people of color. But we need to do much better at reaching out to people, at being more inclusive and at sustaining a diverse community. Because if the Indie Web is going to succeed, it must represent the rich plurality of people in the world.

We are working hard at making the Indie Web not just for us by us, but for all of us by all of us.

Where is the Indie Web?

The Indie Web is everywhere. The Indie Web is nowhere. The Indie Web is anywhere you can access the internet.

Personal Websites

The Indie Web is simply the web when it’s owned and controlled by individuals on their own domains. The Indie Web is that place where someone publishes a creative work to her own website. The Indie Web is on individual’s personal domains and in the interactions directly between them. The Indie Web is when just a copy is syndicated out to imperialist website silos. The Indie Web is of the internet on our personal websites.

Conversation

The Indie Web is, of course, just made of people. The Indie Web community regularly gathers in an IRC channel #indiewebcamp on freenode.net (with a Slack bridge called, indiewebcamp). There’s also a web version at http://indiewebcamp.com/irc/today.

IndieWebCamp

Once per year, we meet in Portland, Oregon, United States for the Indie Web Summit (started in 2011). Additionally, other IndieWebCamps have been organized in multiple cities in the United States and in Europe. We hope to add more cities and in more continents.

Homebrew Website Club

Also, in multiple cities in the United States and in Europe smaller groups meet up more frequently and more informally at a meet up called Homebrew Website Club. At HWC, we share with each other our progress in building and improving our websites. We encourage each other to continue our improvements. And in some cities, there is a silent writing hour where attendees simply write new material for their website.

Both Homebrew Website Clubs and IndieWebCamps are free and available to anyone who owns their domain or wants to. Anyone can also organize a Homebrew Website Club or an IndieWebCamp in their city.

How Can You Get on the Indie Web?

The Indie Web is not a place separate from the web that you already know and use. The web that you’re probably reading this article on right now.¹ The Indie Web can be almost anywhere on the web.

Domain

The first step to getting on the Indie Web is to own your domain. ²

A domain (or sometimes called a “domain name”) is the part of a URL that looks like example.com. On my website, my domain is veganstraightedge.com. It doesn’t have to end in “.com”. It could be .org, .net, .info, .biz, .me or country codes ³ like .io, .it, .co or all kinds of new TLDs⁴ like .limo, .club, .ninja.

You can buy a domain from any number of registrars. I recommend hover.com if you’re just buying one or a few domains. If you find yourself owning 10 or more, I suggest using dnsimple.com. I implore you to avoid godaddy.com. Even if they’re selling the domain you want for a few dollars cheaper than others. Everyone I’ve ever known that used GoDaddy regretted using them later.

Try to think about the longevity of your the name you choose. Will you still want to use this domain in ten years? In fifty? Always a reliable classic is your name at some TLD. shanebecker.com, shanebecker.me, etc.

Some websites that provide the publishing software (like SqaureSpace or Wordpress) will also sell you a domain directly through your account settings. And when you buy it through them, they also configure it to Just Work™ for your site.

For example, when you sign up with Wordpress.com you choose a subdomain for your Wordpress blog: veganstraightedge.wordpress.com. But when you buy veganstraightedge.com through Wordpress, they set it up so that only veganstraightedge.com is ever shown to the world instead of veganstraightedge.wordpress.com.

It’s critically important that you don’t use a subdomain (like veganstraightedge.wordpress.com or veganstraightedge.tumblr.com) as your primary website. The reason is that you don’t really own any subdomain.⁵ If you ever decide to move to different publishing software (like from Tumblr to Wordpress) none of your URLs can be moved. And good URLs don’t change.

Publish

Once you’ve got a domain, publish something. Publish lots of somethings. Publish to your heart’s content. And then publish some more.

Publish short text notes. Publish longer structured articles with titles and HTML formatting (if you want). Publish bookmarked links, photos and videos. Anything that you currently publish on other sites, like Twitter, Facebook, Instagram, YouTube, etc.

Later on in the process of expatriation from the corporate silos that currently control what and how we publish to the autonomy of the Indie Web, there’s a process called syndication where a copy of your post is sent to a silo for greater distribution or visibility for people you want to see your post but don’t go to your site. E.g. friends and family on Facebook.

We call this process of syndication POSSE. That stands for Publish (on your) Own Site, Syndicate Elsewhere. I’ll cover POSSE in more depth in a syndication specific post.

About Me

Or about you, really.

On your site, there’s probably a header, sidebar or footer place for you to put some information about yourself. Your name, your photo or avatar, some URLs and usernames on other sites. If you feel comfortable doing so, your phone number and/or email address. Maybe even a short paragraph or two bio about you. You can expand this even further by creating a page (typically called “About” at the path of /about). You can also add a resume/cv and/or portfolio. Or you can do something completely different. It’s your site, your identity.

Summary

Get a domain. Find some publishing software (or if you’re feeling adventurous, build your own). Publish some posts. Include an about me section. Write an about me page (and for bonus points, a resume).

Now you’re on the Indie Web!

There’s some additional technology under the covers that will improve your experience, but all of that requires that you’ve done these parts first.

---