It's my first time working with SSL certificates on Heroku, and I'm starting off with a free plan.

The heroku-hosted game is going to make OAuth requests to Coinbase to allow peer-to-peer transactions, so security is paramount. So far I've set up my site, and it all looked good with the green padlock and the security certificate showing up for the generic *.herokuapp.com domain issued by Amazon:

However, running heroku certs returns [name of app] has no SSL certificates. Further, when I try to get the user's Coinbase Account information using Coinbase API I am seeing an error unable to get local issuer certificate.

So I'm confused about whether my application has a valid SSL certificate or not. If it does as the screenshot of my app seems to indicate, why isn't it verified by Coinbase or showing up with heroku certs?

CodePudding user response：

it all looked good with the green padlock and the security certificate showing up for the generic *.herokuapp.com domain issued by Amazon

Yes, all Heroku dynos (including free ones) get HTTPS out of the box on the default .herokuapp.com domain.

However, running heroku certs returns [name of app] has no SSL certificates

That's because you aren't managing the certificates. It is possible to provide your own certificate for Heroku to use, but if you're okay using the default domain there is nothing more you need to do.

when I try to get the user's Coinbase Account information using Coinbase API I am seeing an error unable to get local issuer certificate

This sounds like an issue with the certificate on the Coinbase side.

Without knowing exactly what you're trying to do there's not much more we can say. I suggest posting a separate question about this and including the relevant code as it is unrelated to the certificate on your site.