SSL is a pain. You have to buy a certificate, which can be expensive and take a while, generate keys, and install it on your server. At best, the process takes a couple hours; often it takes a couple days. Cloudflare, a nifty proxy service that helps you easily secure and accelerate your web site, has made SSL a one-click affair: they have set up a system in which they can provide SSL for your site immediately by encrypting traffic from their proxy servers to your users, even if the traffic between your site and their servers is unencrypted.

But some of us need to have the traffic between our site and Cloudflare encrypted. That means dealing with the whole hassle of getting your own certificate… or so I thought. Turns out there’s a neat trick, if you’re running on Heroku.

Heroku lets you piggyback on their SSL certificate for free if you use a subdomain on their domain. If you’re running a production application, of course, that’s not an option, as you want your users to see your domain, not Heroku’s. But if you use Cloudflare, you can use the Heroku piggyback SSL to encrypt the traffic between Heroku and Cloudflare, and then Cloudflare will serve up your site with a certificate for your domain.

This setup takes only a few minutes to configure, and only costs $20/month for a Cloudflare Pro account (which gets you all of the other awesomeness Cloudflare provides, as well). Sweet!