Issue
When you access your Heroku application via its configured custom domain, you receive a browser error about a Certificate Mismatch.
Resolution
This error can occur for a number of reasons.
Incorrect DNS configuration
Provisioning SSL involves updating your DNS configuration to point at the correct endpoint.
- When using ACM (Automated Certificate Management), the certificate mismatch error occurs if the DNS points to the herokuapp.com endpoint for the app. Instead, the DNS needs to use the endpoint in the format www.exampledomain.com.herokudns.com. This can be seen for an app using the heroku domains -a <app name> command.
Incorrect configuration will cause a 'Certificate Mismatch Error' as your browser will still be receiving the wildcard herokuapp.com cert we provide by default.
DNS Provider is performing a Redirect
While a redirect (typically at the root domain, e.g. mydomain.com) will work for HTTP requests, if you attempt to access https://mydomain.com your DNS provider will not have a valid certificate for your domain, and your browser will display a 'Certificate Mismatch Error' or a 'Connection Failed' error. If you wish to use root domains with SSL, you need to use a DNS provider that supports CNAMEs at the root level and perform the redirect at the application level.
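The two causes above can be told apart from the DNS target and the names in the certificate the browser receives. The following is an added example, not Heroku's own tooling: the function names, the app name myapp and the sample certificate names are assumptions made for illustration.

```python
import socket
import ssl

def san_matches(hostname, san):
    """True if one certificate DNS name covers hostname.
    A wildcard stands for exactly one left-most label."""
    host, pattern = hostname.lower().rstrip("."), san.lower().rstrip(".")
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == pattern[2:]
    return host == pattern

def diagnose(hostname, dns_target, cert_names):
    """Relate the DNS target and the served certificate names to the causes on this page."""
    target = (dns_target or "").lower().rstrip(".")
    if any(san_matches(hostname, name) for name in cert_names):
        return "ok: certificate covers " + hostname
    if target.endswith(".herokuapp.com"):
        return "mismatch: DNS points at the herokuapp.com endpoint; use the herokudns.com target"
    if target.endswith(".herokudns.com"):
        return "mismatch: DNS target has the herokudns.com form, so DNS is not the cause"
    return "mismatch: DNS does not point at a Heroku endpoint; the DNS provider may be performing a redirect"

def fetch_cert_names(hostname, port=443, timeout=5):
    """Live check (needs network): DNS names in the certificate served for hostname.
    Chain validation stays on; only the hostname check is skipped so the names can be read."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

if __name__ == "__main__":
    # Constructed inputs: a custom domain whose CNAME still targets the app's herokuapp.com name.
    print(diagnose("www.exampledomain.com", "myapp.herokuapp.com.", ["*.herokuapp.com"]))
    # Constructed inputs: the same domain after switching to the herokudns.com target.
    print(diagnose("www.exampledomain.com", "www.exampledomain.com.herokudns.com",
                   ["www.exampledomain.com"]))
```

For a live check, pass the DNS target reported by heroku domains -a <app name> together with the result of fetch_cert_names for the custom domain.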