Why am I seeing a ‘Certificate Mismatch Error’ when I access my custom domain over SSL/TLS?

Issue

When you access your Heroku application via its configured custom domain you receive a browser error about a Certificate Mismatch

Resolution

This error can occur for a number of reasons.

Incorrect DNS configuration

Provisioning SSL involves [updating your DNS configuration to point at the correct endpoint.

  • When using ACM (Automated Certificate Management) this will throw the certificate mismatch error if the DNS points to the herokuapp.com endpoint for the app. Instead, this needs to use the endpoint in the format www.exampledomain.com.herokudns.com. This can be seen for an app using the heroku domains -a <app name> command.

  • When using the SSL Endpoint add-on in the US region, you will need to use the herokussl.com endpoint (n.b. US region only).

Incorrect configuration will cause a 'Certificate Mismatch Error' as your browser will still be receiving the wildcard herokuapp.com cert we provide by default.

DNS Provider is performing a Redirect

While a redirect (typically at the root domain, eg mydomain.com) will work for http requests if you attempt to access https://mydomain.com then your DNS provider will not have a valid certificate for your domain and a 'Certificate Mismatch Error' or a 'Connection Failed' error would be displayed by your browser. If you wish to use root domains and SSL then you need to use a DNS provider that supports using CNAMEs at the root level and perform the redirect at the application level.

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support
Terms of Service Privacy Cookies © 2018 Salesforce.com