If auto-detecting domains to verify, skip .herokuapp.com domain

pixielabs / letsencrypt-rails-heroku

Automatic LetsEncrypt SSL certificates in your Rails app on Heroku.

MIT License

220 stars 33 forks source link

If auto-detecting domains to verify, skip .herokuapp.com domain #44

Open jalada opened 7 years ago

jalada commented 7 years ago

It's pointless to verify it because Heroku will always use their own certificate, and it is a slight information leak to expose the name of the Heroku app in the certificate.

jalada commented 4 years ago

This caught me out today; if you have only the herokuapp.com domain in the certificate, Heroku gives you a lousy 403 with no explanation when you try and upload the certificate.