How do I switch from Automated Certificate Management (ACM) to SSL Endpoint?


You'd like to switch from using Heroku's Automated Certificate Management (ACM) feature to using the SSL Endpoint Add-On. The most common use case for this is to disable TLS 1.0 and/or TLS 1.1 on an application.


Can I switch from ACM to SSL Endpoint without downtime?

Yes. ACM and SSL Endpoint can co-exist, which means that there is no disruption to serving the site over HTTPS. You can set up SSL Endpoint properly and then disable ACM 1-2 days later by running heroku certs:auto:disable -a app-name. It's important to wait 1-2 days so that long-lived TTL has a chance to clear before you disable ACM.

How do I disable TLS 1.0 and/or TLS 1.1 once I've set up SSL Endpoint?

Refer to How do I disable support for TLS 1.0 or 1.1 on a Heroku App?. This can be done at any point after SSL Endpoint has been set up.

Can I use a wildcard certificate with SSL Endpoint?


Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support