Issue
On March 8, 2023 at 17:00 UTC, Heroku will change the certificate for api.heroku.com from a DigiCert provided certificate to a Let's Encrypt provided certificate. This may affect your Heroku apps if they satisfy any of the following conditions:
- Pins custom ICA/Root certificates
- Hard-codes the acceptance of ICA/Root certificates
- Bundles their own trust store
If your app does any of the above, you'll likely have issues interacting with the Heroku API (api.heroku.com).
Resolution
We recommend performing the following actions before March 8, 2023:
- Update your custom certificate bundle and redeploy your app
- Avoid pinning or hard-coding root or ICA certificate acceptance or make the necessary changes to ensure certificates issued from the ISRG Root X1 certificate hierarchy are trusted i.e. they can chain up to their trusted ISRG Root X1 root certificate. For further details see: https://letsencrypt.org/docs/certificate-compatibility/, and https://letsencrypt.org/certificates/