HTTPS is practically mandatory for webpages in 2017, as Chrome has started marking entire HTTP sites as insecure if they collect nearly any type of form data at all.

Prior to 2017, Heroku charged an extra monthly fee ($20) for an SSL endpoint. That fee is now gone and additionally, Heroku has set up functionality to automanage Let’s Encrypt SSL certificates on all paid dynos. This means that it isn’t necessary to reinstall them every three months when they expire.

If you  have an existing paid dyno*, the command is simple:

heroku certs:auto:enable

It will take 45-60 minutes to generate the certificate and you will need to redirect your DNS to the new endpoint. You can run

heroku domains

to get your endpoint and eventually you can use

 heroku certs

to see information about your certificate.

*This functionality (ACM, or Automated Certificate Management) is set up automatically for any paid dynos initiated after March 21, 2017. So these instructions are for converting existing dynos (i.e. initiated before that date) to ACM.