Automated Certificate Management for apps in Private Spaces

Change effective on 24 May 2018

Heroku Automated Certificate Management (ACM) is now available for apps in Private Spaces. When ACM is enabled on a Heroku app, Heroku will automatically provision and renew certificates for custom domains registered on the app.

To enable ACM on a Private Space app that doesn’t currently have TLS certs, simply enable the feature and wait for the certificate to be provisioned:

$ heroku certs:auto:enable

If you already have manually uploaded TLS certs and want to migrate to ACM, follow the process outlined below.

1. Determine the name of your current manually uploaded certificate

$ heroku certs
Name          Endpoint                                                 Common Name(s)          Expires               Trusted  Type
────────────  ───────────────────────────────────────────────────────  ──────────────────────  ────────────────────  ───────  ─────────────────
nagano-91606  <haiku>.<haiku>.herokuspace.com                          <common-name>           2018-08-13 11:05 UTC  True     Private Space App

2. Enable ACM for your app

$ heroku certs:auto:enable

Enabling Automatic Certificate Management... done
=== Your certificate will now be managed by Heroku.  Check the status by running heroku certs:auto.

3. Wait for the cert to be issued

It’s important to wait for this step to complete before proceeding. If you don’t your app might incur downtime.

$ watch heroku certs:auto

4. Remove the old manually added cert

Use the name found in step 1

$ heroku certs:remove --name nagano-91606

See the Automated Certificate Management Dev Center article for details.