On March 8, 2023 at 17:00 UTC, DigiCert will start issuing public TLS/SSL certificates from G2 root and intermediate CA certificate hierarchies. This may affect your Heroku apps if they satisfy any of the following conditions:
- Pins custom ICA/Root certificates
- Hard-codes the acceptance of ICA/Root certificates
- Bundles their own trust store
If your app does any of the above, you'll likely have issues interacting with the Heroku API (api.heroku.com) or any services that use DigiCert-issued SSL certificates.
We recommend performing the following actions before March 8, 2023:
- Update your custom certificate bundle and redeploy your app
- Avoid pinning or hard-coding root or ICA certificate acceptance or make the necessary changes to ensure certificates issued from the G2 certificate hierarchy are trusted i.e. they can chain up to their trusted G2 root certificate