We assume you already have a domain and it correctly points to your Heroku application. If that's not the case, check out this tutorial first.
Although the certificate is free, you still need to upgrade your application to at leasta Hobby plan to use it. Go to your Heroku dashboard, select your application and click on the Resources tab. You should quickly find the button Upgrade to Hobby.... Select the Hobby plan (7$/dyno/month) and Save.
In Heroku, go back to the Settings tab of your application and scroll down to Domain and certificates. You should now see a white button Configure SSL. Click on it. Leave the Automatically option ticked and click on Continue.
You should then have instructions to set up your DNS. That is something which we already did in the previous tutorial, so click on I've done this and Continue.
That's it! Open your favorite browser and navigate to https://www.yourdomain.tld, you should see a green URL bar with the Securekeyword
Bonus - Forcing SSL in Rails
Right now, if you go to http://www.yourdomain.tld, your website is still served insecurly. You can't expect your visitors to manually add the missing s in the address bar. What you want to do is force a redirection from http:// to https:// URLs. In Rails, you can do that with a single line of code, using the force_ssl option.
To do so, go to your Rails project, open it in Sublime Text, and open the config/environments/production.rb file. Look for a commented line mentioning force_ssl. Update this line to have:
config.force_ssl = true
Commit & Push your changes to Heroku. You should now see an automatic redirection from http:// URLs to https:// (using a 301 and preserving the path).
Go ship something awesome!