How do I verify my SNI certificate is set up correctly?


You want to verify your SNI certificate is set up correctly before switching your DNS over.


You'll use cURL to do this, and its --resolve option is the important part. From the cURL man page:

--resolve host:port:address

Provide a custom address for a specific host and port pair. Using this, you can make the curl request(s) use a specified address and prevent the otherwise normally resolved address to be used. Consider it a sort of /etc/hosts alternative provided on the command line. The port number should be the number used for the specific protocol the host will be used for. It means you need several entries if you want to provide address for the same host but different ports.

The provided address set by this option will be used even if -4, --ipv4 or -6, --ipv6 is set to make curl use another IP version.

This option can be used many times to add many host names to resolve.

So to test with a stable-cname of you would do:

$ curl --verbose "Host:" --resolve`dig +short | head -n1`
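The same check as a small script, added here as an example and not part of the original page. www.example.com and stable.example.net are placeholder names and the function names are hypothetical; it handles IPv4 addresses only.

```shell
#!/bin/sh
# Added example: www.example.com and stable.example.net are placeholders,
# and the function names are hypothetical.

# Read `dig +short` output on stdin and print the first IPv4 address.
# dig +short also prints CNAME targets, normally ahead of the A records,
# so a plain `head -n1` can return a hostname; --resolve expects an IP.
first_ipv4() {
  grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | head -n1
}

# Print the host:port:address value that --resolve expects.
# Fails if the host or address is empty or the port is not numeric.
resolve_arg() {
  ra_host=$1 ra_port=$2 ra_addr=$3
  [ -n "$ra_host" ] && [ -n "$ra_addr" ] || return 1
  case $ra_port in
    ''|*[!0-9]*) return 1 ;;
  esac
  printf '%s:%s:%s\n' "$ra_host" "$ra_port" "$ra_addr"
}

# Request https://HOST/ from the address behind STABLE_CNAME.
# curl sends HOST as the SNI name and verifies the returned certificate
# against it, so a non-zero exit status means the check failed.
check_sni() {
  cs_host=$1 cs_cname=$2
  cs_addr=$(dig +short "$cs_cname" | first_ipv4)
  if [ -z "$cs_addr" ]; then
    echo "no A record found for $cs_cname" >&2
    return 2
  fi
  cs_arg=$(resolve_arg "$cs_host" 443 "$cs_addr") || return 2
  curl --verbose --silent --output /dev/null \
       --resolve "$cs_arg" "https://$cs_host/"
}

# Usage (needs network access):
#   check_sni www.example.com stable.example.net
```

In the verbose output, the "Server certificate" lines show the subject and issuer that were actually served for the requested name.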

