I created a site and put it on Heroku. I then added a custom domain (e.g. "site.example.com") in the Heroku control panel and I pointed the DNS to my Heroku address. This works fine, but when I visit the site, I get a big browser warning, saying the certificate is for herokuapp.com, not for "site.example.com". How do I turn off HTTPS or fix it in some other way? (I don't need my own SSL certificate for the site.)

Note: It's not Heroku's fault if your app is forcing people onto SSL. Check production.rb to make sure it doesn't say:

config.force_ssl = true

If it does, change it to false:

config.force_ssl = false

Unfortunately, you can't prevent someone from attempting to access your site via SSL. That is to say that anyone can simply add https to to beginning of ://site.example.com. I would recommend that you open a support ticket to allow the Support team to look into your current configuration. Unfortunately, the Piggyback SSL that exists at *.herokuapp.com for Cedar apps bleeds through unless you have your own SSL certificate that is specified using the ssl:endpoint add-on.

The fact is, even if the Piggyback SSL wasn't in place, your visitors would still receive an error when going to the SSL version of your site. You might consider purchasing a seriously cheap SSL cert from some place like Namecheap (looks like you can pick up a super-simple cert for $8/yr) JUST to get rid of the errors. You can then enforce redirection to the non-SSL version of your site and all is well!

This may not be the best practice but nevertheless if you desperately want to force "NO-SSL", then you may do it via JavaScript code as follows.

 window.onload=function(){
     $(function(){
         if(window.location.protocol==="https:")
             window.location.protocol="http";
     });
 }