Unsuccessful in using Automated Certificate Manage

Posted 2019-04-07 09:45

Question:

I've followed Heroku's Automated Certificate Management instructions for generating an SSL certificate via LetsEncrypt (kudos to LetsEncrypt and heroku!!) for my Ruby Sinatra app but generation of the SSL certificate for my custom domain is failing.

After activating automated certificate management, the heroku domain name for my app changes from *.herokuapp.com to *.herokudns.com, as expected.

I've updated my Google Domain records accordingly, however Google Domain doesn't allow the domain root to be specified as a CNAME record. Instead the root needs to be pointed at http(s)://www.mycustomdomain.com via subdomain forwarding, i.e.

mycustomdomain.com --> http://www.mycustomdomain.com

When heroku's certificate generation process runs, it expects BOTH www.mycustomdomain.com and mycustomdomain.com to be verified. It seems that the fact that the domain root is pointed to the www address via subdomain forwarding is preventing the domain root from validating.

I'm GUESSING that this is causing generation of the custom domain SSL certificate to fail?

Before I check with heroku, I'm reaching out to the stackoverflow community in case anyone's encountered this and solved it?

Custom domain setup on heroku

user@machine1:~/projects/mycustomdomain$ heroku domains
=== mycustomdomain Heroku Domain
mycustomdomain.herokuapp.com

=== mycustomdomain Custom Domains
Domain Name       DNS Target
────────────────  ──────────────────────────────
mycustomdomain.com      mycustomdomain.com.herokudns.com
www.mycustomdomain.com  www.mycustomdomain.com.herokudns.com 

Google Domain config

Subdomain forward

mycustomdomain.com --> http://www.mycustomdomain.com

*.mycustomdomain.com --> http://www.mycustomdomain.com

Custom resource records

<table style="border:1px solid black; border-collpase">
  <tr>
    <th>NAME</th>
    <th>TYPE</th>
    <th>TTL</th>
    <th>DATA</th>
  </tr>
  <tr>
    <td>www</td>
    <td>CNAME</td>
    <td>1h</td>
    <td>www.mycustomdomain.com.herokudns.com</td>
  </tr>
</table>


As a belated update, I have since found the following link, which I have used successfully to configure my app hosted on Google Domains, to use Let's Encrypt SSL: https://medium.com/@connorleech/https-ssl-on-heroku-with-google-domains-as-dns-provider-c55c438556c6

(I provide the link rather than restating the information here, as it is quite a lot of information)

Answer 1:

Heroku have confirmed that:

To use apex domains, we recommend switching to a DNS provider that supports CNAME-like functionality for apex domains, such as Cloudflare, and then re-enabling ACM.

This is documented on their site here: https://devcenter.heroku.com/articles/custom-domains#configuring-dns-for-root-domains
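
An added example, not part of the original question or answer: a small offline check that compares the DNS targets listed by `heroku domains` with the zone's resource records, showing why the apex is left unverified when it only has an HTTP forward. The sample inputs are constructed from the values on this page; the ALIAS/ANAME type names and the "@" apex label are assumptions about how a DNS provider exposes CNAME-like apex records.

```python
# Constructed sample: the "Custom Domains" table from `heroku domains` on this page.
HEROKU_DOMAINS = """\
=== mycustomdomain Custom Domains
Domain Name       DNS Target
────────────────  ──────────────────────────────
mycustomdomain.com      mycustomdomain.com.herokudns.com
www.mycustomdomain.com  www.mycustomdomain.com.herokudns.com
"""

# Constructed sample: zone records as (name, type, data); "@" means the apex.
# The registrar's HTTP forward is a redirect, not a DNS record, so it is absent.
ZONE = "mycustomdomain.com"
RECORDS = [("www", "CNAME", "www.mycustomdomain.com.herokudns.com")]

# Assumption: record types a provider may use to point a name at another name.
ALIAS_TYPES = {"CNAME", "ALIAS", "ANAME"}

def parse_heroku_domains(text):
    """Return {domain: dns_target} from the Custom Domains table."""
    targets, in_custom = {}, False
    for line in text.splitlines():
        if line.startswith("==="):
            in_custom = "Custom Domains" in line
            continue
        parts = line.split()
        # Data rows have exactly two columns and a herokudns.com target.
        if in_custom and len(parts) == 2 and parts[1].endswith(".herokudns.com"):
            targets[parts[0].lower()] = parts[1].lower().rstrip(".")
    return targets

def fqdn(name, zone):
    """Expand a zone-relative record name to a full domain name."""
    return zone if name in ("@", "") else f"{name}.{zone}"

def audit(heroku_text, zone, records):
    """Map each custom domain to 'ok', 'missing' or 'mismatch'."""
    by_name = {}
    for name, rtype, data in records:
        if rtype.upper() in ALIAS_TYPES:
            by_name[fqdn(name.lower(), zone)] = data.lower().rstrip(".")
    result = {}
    for domain, target in parse_heroku_domains(heroku_text).items():
        if domain not in by_name:
            result[domain] = "missing"      # no DNS record points at Heroku
        else:
            result[domain] = "ok" if by_name[domain] == target else "mismatch"
    return result

if __name__ == "__main__":
    for domain, status in audit(HEROKU_DOMAINS, ZONE, RECORDS).items():
        print(f"{domain:28} {status}")
```

With the records from the question, the apex is reported as missing while www is ok; adding a CNAME-like apex record that points at the listed DNS target clears it.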