When you access your Heroku application via its configured custom domain, you receive a browser error about a Certificate Mismatch.
This error can occur for a number of reasons.
Incorrect DNS configuration
Provisioning SSL involves updating your DNS configuration to point at the correct endpoint.
When using ACM (Automated Certificate Management), the certificate mismatch error occurs if the DNS points to the herokuapp.com endpoint for the app. Instead, the DNS needs to use the endpoint in the format www.exampledomain.com.herokudns.com. The endpoint for an app can be seen using the heroku domains -a <app name> command.
When using the SSL Endpoint add-on in the US region, you will need to use the herokussl.com endpoint (n.b. US region only).
Incorrect configuration will cause a 'Certificate Mismatch Error' as your browser will still be receiving the wildcard herokuapp.com cert we provide by default.
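The check a browser effectively performs in the case above, as an added example that is not Heroku's own code: it classifies the DNS target by the endpoint suffixes named in this article and matches the requested hostname against the certificate's names. The app name example-app and the certificate name lists are constructed for illustration.

```python
# Added example: offline diagnosis of a certificate mismatch on a custom domain.
# Hostnames, the app name and the certificate name lists are constructed samples.

def san_matches(hostname: str, san: str) -> bool:
    """RFC 6125-style match: a leading '*' covers exactly one leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        return host[1:] == pattern[1:]
    return host == pattern


def classify_target(cname_target: str) -> str:
    """Classify the DNS target by the endpoint suffixes named in the article."""
    target = cname_target.lower().rstrip(".")
    for suffix, kind in (
        (".herokudns.com", "herokudns"),  # format expected with ACM
        (".herokussl.com", "herokussl"),  # SSL Endpoint add-on, US region only
        (".herokuapp.com", "herokuapp"),  # default hostname, wildcard cert
    ):
        if target.endswith(suffix):
            return kind
    return "other"


def diagnose(hostname: str, cname_target: str, cert_sans: list[str]) -> str:
    """Explain why the browser would accept or reject the served certificate."""
    kind = classify_target(cname_target)
    if any(san_matches(hostname, san) for san in cert_sans):
        return f"ok: certificate covers {hostname} (target type: {kind})"
    if kind == "herokuapp":
        return (f"mismatch: {hostname} points at the herokuapp.com endpoint, "
                f"so the default wildcard certificate {cert_sans} is served")
    return f"mismatch: {hostname} is not in {cert_sans} (target type: {kind})"


if __name__ == "__main__":
    # Constructed sample: custom domain pointed at the wrong endpoint.
    print(diagnose("www.exampledomain.com", "example-app.herokuapp.com",
                   ["*.herokuapp.com", "herokuapp.com"]))
    # Constructed sample: same domain pointed at the herokudns.com format.
    print(diagnose("www.exampledomain.com",
                   "www.exampledomain.com.herokudns.com",
                   ["www.exampledomain.com"]))
```

In practice the CNAME target and the certificate names would come from a DNS lookup and the TLS handshake for the custom domain; they are passed in as arguments here so the example runs offline.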
DNS Provider is performing a Redirect
While a redirect (typically at the root domain, e.g. mydomain.com) will work for http requests, if you attempt to access https://mydomain.com, your DNS provider will not have a valid certificate for your domain, and your browser will display a 'Certificate Mismatch Error' or a 'Connection Failed' error. If you wish to use root domains and SSL, you need to use a DNS provider that supports using CNAMEs at the root level and perform the redirect at the application level.