Why am I seeing a ‘Certificate Mismatch Error’ when I access my custom domain over SSL/TLS?


When you access your Heroku application via its configured custom domain, you receive a browser error about a ‘Certificate Mismatch’.


This error can occur for a number of reasons.

Incorrect DNS configuration

Provisioning SSL involves updating your DNS configuration to point at the new herokussl.com address (US region only). Incorrect configuration will cause a 'Certificate Mismatch Error', as your browser will still be receiving the wildcard herokuapp.com cert we provide by default.

DNS Provider is Performing the Redirect

A redirect (typically at the root domain, e.g. mydomain.com) will work for HTTP requests. If you attempt to access https://mydomain.com, however, your DNS provider will not have a valid certificate for your domain, and your browser will display a 'Certificate Mismatch Error' or a 'Connection Failed' error. If you wish to use root domains and SSL, you need to use a DNS provider that supports CNAMEs at the root level and perform the redirect at the application level.
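To tell the two causes above apart, compare the names in the certificate the server presents with the hostname you requested. The following is an added example, not Heroku's own tooling: the function names, result labels and sample hostnames are assumptions, and the CNAME target is expected to come from your own DNS lookup (for example `dig +short CNAME <host>`).

```python
import socket
import ssl


def san_matches(hostname, pattern):
    """Match a hostname against one certificate SAN; '*' covers one left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def fetch_sans(hostname, port=443, timeout=5):
    """Return the DNS SANs of the certificate the server presents for hostname."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still validated; only the name check is skipped
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            sans = tls.getpeercert().get("subjectAltName", ())
    return [value for kind, value in sans if kind == "DNS"]


def diagnose(hostname, cname_target, cert_sans):
    """Classify a mismatch using the two causes described above."""
    if any(san_matches(hostname, san) for san in cert_sans):
        return "ok"
    names = [san.lower().rstrip(".") for san in cert_sans]
    if any(n == "herokuapp.com" or n.endswith(".herokuapp.com") for n in names):
        return "default-herokuapp-cert"  # DNS is not pointing at the SSL endpoint
    target = (cname_target or "").lower().rstrip(".")
    if not target.endswith(".herokussl.com"):
        return "non-heroku-host"  # e.g. the DNS provider's redirect service answered
    return "other"  # a cause this page does not cover


if __name__ == "__main__":
    # Constructed sample: custom domain still CNAMEd to the herokuapp.com name.
    sample_sans = ["*.herokuapp.com", "herokuapp.com"]
    print(diagnose("www.mydomain.com", "myapp.herokuapp.com", sample_sans))
```

For a live check, pass `fetch_sans("www.mydomain.com")` as the third argument; a failed connection or an untrusted chain raises an exception, which matches the 'Connection Failed' case.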