How can I quickly check if ACM will be able to update the certificate?

Issue

I want to see if I can expect Automated Certificate Managment (ACM) to update the certificate with the current DNS and CDN configurations.

Resolution

Currently, ACM follows HTTP-01 challenge to verify the custom domain with up to 10 redirects. As of writing this, Heroku manages updates of TLS certificates on the host va-acm.heroku.com. If requests are redirected to this host, you can expect that Heroku will be able to update the certificate when needed (intermediate URLs may vary):

$ curl -IL http://custom-domain.example.com/.well-known/acme-challenge/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://custom-domain.example.com/.well-known/acme-challenge/

HTTP/1.1 301 Moved Permanently
Location: https://va-acm.heroku.com/challenge?host=custom-domain.example.com&token=

HTTP/1.1 405 Method Not Allowed

Source IP ranges for domain verification is not published. For a Private Space app, please make sure to open requests to the app to the paths under /.well-known/acme-challenge/.

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support
Terms of Service Privacy Cookies © 2019 Salesforce.com