Heroku SSL error: key doesn't match PEM certificate

I am trying to generate a self-signed certificate using the instructions that Heroku suggests here: http://www.akadia.com/services/ssh_test_certificate.html

This creates sever.key and server.crt.

I then try to add them to heroku using the following command:

heroku ssl:add server.crt server.key and I get the following error

Domain name not found. Make sure the domain mycorrectdomain.heroku.com is added to your Heroku app / Key doesn't match the PEM certificate

Here is the contents of the server.crt file:

-----BEGIN CERTIFICATE-----
MIICvTCCAiYCCQDyHGnBdtovbzANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMC
VVMxCzAJBgNVBAgMAkNBMRIwEAYDVQQHDAlQYWxvIEFsdG8xEzARBgNVBAoMClR1
dG9yQ2xvdWQxETAPBgNVBAsMCFNvZnR3YXJlMSMwIQYDVQQDDBp0ZXN0LXR1dG9y
Y2xvdWQuaGVyb2t1LmNvbTElMCMGCSqGSIb3DQEJARYWYmxhaXJAbXl0dXRvcmNs
b3VkLmNvbTAeFw0xMTA4MDMxNzQ4NDdaFw0xMjA4MDIxNzQ4NDdaMIGiMQswCQYD
VQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVBhbG8gQWx0bzETMBEGA1UE
CgwKVHV0b3JDbG91ZDERMA8GA1UECwwIU29mdHdhcmUxIzAhBg开发者_JAVA百科NVBAMMGnRlc3Qt
dHV0b3JjbG91ZC5oZXJva3UuY29tMSUwIwYJKoZIhvcNAQkBFhZibGFpckBteXR1
dG9yY2xvdWQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqWEjXRDo0
CBzoIqnpzPN6Ussf476JDX+9uCkpaSyR6Oxarjpc55lw+Mnb9UNiBWPS6JJ/Hq2c
CgkGD9uu11OXRCRvsZeyJjd2YT1B+XZsXrKZVj2C2dj1r6DXzAV2G5EwWJDklaH3
x1uA+muPt7NZ4Dz2WNv9FMyicTTCdMhWlwIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
AJYAgjiHyUxyeFRR2nJ3CLanjNtkzVz+Dk7pdu/p0P35YpYhE95q76xgcOFasWe2
+pUwxTjtQvhc0BRHjohSjiF8+ZFLRfsPq9kmh55AFzDj7V8dzUek4yVyZRtcIdNQ
Gx8I5g8vJClLnHbYQlaCupVIxVZqnp7SKeeshduCsJ/8
-----END CERTIFICATE-----

Any ideas?

Just in case others are getting this error - I was getting the same error setting up a test hostname SSL certificate for my app.

The answer was that I had not added the domain name the certificate was for first - it does not explicity say this in the Heroku SSL docs. So before adding the cert do:

heroku domains:add secure.mydomain.com

and then you can add the certificate:

heroku ssl:add ssl.crt ssl.key

Have you added the SSL addon on your heroku app setting?

Also, you shouldn't be posting your private key online since it's supposed to be... well... private.

I suggest you generate a new key pair for your app.

EDIT:

You mentioned that you enabled the piggyback SSL, in which case, you don't need to generate your own keys. See this:

An app specific SSL certificate is not required for Piggyback SSL. The *.heroku.com wildcard SSL certificate is used for all apps. You can view information about this certificate by visiting https://heroku.com/ and clicking the lock icon in your browser.