How can I quickly check if ACM will be able to update the certificate?


I want to see if I can expect Automated Certificate Managment (ACM) to update the certificate with the current DNS and CDN configurations.


Currently, ACM follows HTTP-01 challenge to verify the custom domain with up to 10 redirects. As of writing this, Heroku manages updates of TLS certificates on the host If requests are redirected to this host, you can expect that Heroku will be able to update the certificate when needed (intermediate URLs may vary):

$ curl -iL
HTTP/1.1 301 Moved Permanently
Content-Length: 0

HTTP/1.1 404 Not Found
Content-Length: 0

Source IP ranges for domain verification is not published. For a Private Space app, please make sure to open requests to the app to the paths under /.well-known/acme-challenge/.

Note: The Stale caches can impact the DNS record updates(like updating domains, making changes to DNS configuration, and migrating DNS providers), hence it's recommended to reduce the TTL values of the DNS records before you start making modifications. The shorter TTL indicates that the cached data should expire sooner, allowing updated information to propagate faster.

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support