How can I configure multiple SSL certificates for a single app?


Automatic Certificate Management

ACM will provision certificates for free for up to 100 domains. Please check the known limitations to see if your use case is compatible, but if so this is the cheapest and easiest option for non-wildcard domains.

SAN Certificates

If you haven't purchased a certificate yet, you should consider buying a SAN certificate. This will allow you secure multiple domains with a single certificate. This will work with either Heroku SSL or the SSL Endpoint addon.

Multiple Certificates

If you have to use multiple certificates, you can only do that with the SSL Endpoint addon. Say you want to provide certificates for and, but have both domains point to the foo-app Heroku app:

  1. Add the certificate to the foo-app app with heroku certs:add -a foo-app.
  2. Add the domain to the foo-app app with heroku domains:add -a foo-app.
  3. Configure the dns for to point to the hostname you got from the previous step.
  4. Create a new app called something like bar-certificate, and heroku addons:create ssl:endpoint -a bar-certificate.
  5. Upload the certificate to the bar-certificate app: heroku certs:add --type endpoint -a bar-certificate.
  6. Configure the DNS for to point to the SSL endpoint address you got from the previous step.
  7. Now add the domain to the foo-app app: heroku domains:add -a foo-app.

This will ensure that requests for use the proper certificate but end up getting routed to the foo-app application. Unfortunately, this approach isn't currently supported with the new Heroku SSL, so you'll have to use the SSL Endpoint add-on for your extra certificates.

Please note that SSL Endpoint addon is only available for apps on Common Runtime (US or EU region).

For Rails apps, you may find the following blog post useful also: