It's pointless to verify it because Heroku will always use their own certificate, and it is a slight information leak to expose the name of the Heroku app in the certificate.
This caught me out today; if you have only the herokuapp.com domain in the certificate, Heroku gives you a lousy 403 with no explanation when you try and upload the certificate.
It's pointless to verify it because Heroku will always use their own certificate, and it is a slight information leak to expose the name of the Heroku app in the certificate.