Heroku Wildcard SSL Certificate Automated Provisioning

I recently set up Heroku Wildcard SSL and it took a bit of doing, so I decided to post this to hopefully make someone’s day a little easier!

Let’s say I have domain.com and I want to point *.domain.com to a Heroku app. Additionally, I use Cloudflare for DNS.

  1. Manually configure the Heroku domain *.domain.com.
  2. Set up the provided CNAME in Cloudflare.
  3. Create a GitHub Action which runs weekly and updates the SSL certificate.


When I first ran this, I had some problems because there was no existing certificate in Heroku, so certs:update failed. I manually ran these commands once and created the cert, then came back and tried it again, and it worked!

Additionally, using the --debug or --debug 2 flag on the ~/.acme.sh/acme.sh command is really useful to see the full request & response bodies.
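
A weekly workflow of the kind step 3 describes could look like the following. This is an added example, not the workflow from the original post. The secret names, app name, contact e-mail, cron time, RSA key length and the choice of Let's Encrypt as the CA are all assumptions.

```yaml
# .github/workflows/renew-wildcard-cert.yml (hypothetical file name)
name: renew-wildcard-cert
on:
  schedule:
    - cron: "0 3 * * 1"      # weekly, Mondays 03:00 UTC (assumed time)
  workflow_dispatch: {}      # allows a manual run while testing
permissions: {}              # the job needs no GITHUB_TOKEN scopes
jobs:
  renew:
    runs-on: ubuntu-latest
    env:
      DOMAIN: "*.domain.com"
      HEROKU_APP: my-heroku-app                      # placeholder app name
      HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}  # assumed secret name
      # Cloudflare API token limited to DNS edit on this one zone (assumed secret names)
      CF_Token: ${{ secrets.CF_TOKEN }}
      CF_Zone_ID: ${{ secrets.CF_ZONE_ID }}
    steps:
      - name: Install acme.sh and the Heroku CLI
        run: |
          git clone --depth 1 https://github.com/acmesh-official/acme.sh.git
          cd acme.sh
          ./acme.sh --install --nocron -m admin@domain.com   # placeholder e-mail
          npm install -g heroku
      - name: Issue the wildcard certificate (DNS-01 through Cloudflare)
        run: |
          # Append "--debug 2" here to see full request and response bodies.
          ~/.acme.sh/acme.sh --issue --server letsencrypt \
            --dns dns_cf -d "$DOMAIN" --keylength 2048
      - name: Export certificate and key to owner-only files
        run: |
          umask 077
          mkdir -p "$RUNNER_TEMP/cert"
          ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
            --fullchain-file "$RUNNER_TEMP/cert/fullchain.pem" \
            --key-file "$RUNNER_TEMP/cert/privkey.pem"
      - name: Update the certificate on Heroku
        run: |
          # certs:update fails when the app has no certificate yet;
          # the first certificate has to be created once by hand.
          heroku certs:update "$RUNNER_TEMP/cert/fullchain.pem" \
            "$RUNNER_TEMP/cert/privkey.pem" \
            --app "$HEROKU_APP" --confirm "$HEROKU_APP"
```

Each run starts on a fresh runner, so acme.sh issues a new certificate every week rather than renewing a cached one, and the private key exists only in the runner's temporary directory for the life of the job.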