Notice of Behavior Change when Creating Certs

Change effective on 09 June 2021

With the introduction of multiple TLS certificates per app, users must now choose which certificates should be mapped with which domains in order to facilitate routing TLS requests. This change will only affect apps that are adding their first Heroku SSL cert and are using the Platform API rather than Heroku CLI or Dashboard.

Previously, when only a single cert was allowed, it was assumed that a TLS request to any domain on the app should be terminated by that single cert. The Heroku CLI and dashboard have been updated to prompt users to configure those mappings. See the Dev Center articles on SSL and Custom Domains for details on how to map certificates to domains.

Some customers who use the Heroku API either directly or via a 3rd party tool may be relying on the implicit behavior which maps the first certificate created on an app to all domains that had already been added to the app. We previously hinted at this behavior changing, but wanted to call it out explicitly, as it will no longer be supported after October 31, 2021.