You want to verify your SNI certificate is setup correctly before switching your DNS over.
You'll use cURL to do this, and the
--resolve attribute is important for this. From the cURL man page
Provide a custom address for a specific host and port pair. Using this, you can make the curl requests(s) use a specified address and >prevent the otherwise normally resolved address to be used. Consider it a sort of /etc/hosts alternative provided on the command line. The >port number should be the number used for the specific protocol the host will be used for. It means you need several entries if you want to >provide address for the same host but different ports.
The provided address set by this option will be used even if -4, --ipv4 or -6, --ipv6 is set to make curl use another IP version.
This option can be used many times to add many host names to resolve.
so to test
www.foodblog.org with a stable-cname of
www.foodbloc.org.herokudns.com you would do:
$ curl --verbose "Host: www.foodbloc.org" https://www.foodbloc.org --resolve www.foodbloc.org:443:`dig www.foodbloc.org.herokudns.com +short | head -n1`