You have a single Heroku app that is available at several different domain names, and you want to be able to provide secure connections (TLS/SSL) to all of those domains.
Automatic Certificate Management
ACM will provision certificates for free for up to 100 domains. Please check the known limitations to see if your use case is compatible, but if so this is the cheapest and easiest option for non-wildcard domains.
If you haven't purchased a certificate yet, you should consider buying a SAN certificate. This will allow you secure multiple domains with a single certificate. This will work with either Heroku SSL or the SSL Endpoint add-on.
If you have to use multiple certificates, you can only do that with the SSL Endpoint add-on. Say you want to provide certificates for
bar.com, but have both domains point to the
foo-app Heroku app:
- Add the
foo.comcertificate to the
heroku certs:add -a foo-app.
- Add the
foo.comdomain to the
heroku domains:add foo.com -a foo-app.
- Configure the dns for
foo.comto point to the hostname you got from the previous step.
- Create a new app called something like
heroku addons:create ssl:endpoint -a bar-certificate.
- Upload the
bar.comcertificate to the
heroku certs:add --type endpoint -a bar-certificate.
- Configure the DNS for
bar.comto point to the SSL endpoint address you got from the previous step.
- Now add the
bar.comdomain to the
heroku domains:add bar.com -a foo-app.
This will ensure that requests for
bar.com use the proper certificate but end up getting routed to the
foo-app application. Unfortunately, this approach isn't currently supported with Heroku SSL, so you'll have to use the SSL Endpoint add-on for your extra certificates.
Please note that SSL Endpoint add-on is only available for apps on Common Runtime (US or EU region).
For Rails apps, you may find the following blog post useful also: https://evilmartians.com/chronicles/zero-downtime-rebranding