Warn HN: Heroku: certificate expiry in 7 days for *.herokuapp.com

 3 years ago
source link: https://news.ycombinator.com/item?id=23525836

We run a backend API app on Heroku and for simplicity our frontend calls it via the herokuapp.com subdomain `<our-app-name>.herokuapp.com`.

We haven't bothered with a custom domain SSL certificate as the herokuapp.com subdomain has been just fine.

Fortunately I was monitoring the endpoint as I started getting SSL expiry warnings a few weeks ago.

It seems Heroku is serving an old certificate for `<our-app-name>.herokuapp.com`, issued April 2019 and expiring 22nd June:

```
$ curl -v --head https://<our-app-name>.herokuapp.com/
* Connected to <our-app-name>.herokuapp.com (52.19.225.66) port 443 (#0)
[snip]
* Server certificate:
*  expire date: Jun 22 12:00:00 2020 GMT
*  subjectAltName: host "<our-app-name>.herokuapp.com" matched cert's "*.herokuapp.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
```

It's a wildcard cert for `*.herokuapp.com` but it's different from the current one I see if I curl the root domain:

```
$ curl -v --head https://herokuapp.com/
* Connected to herokuapp.com (34.194.84.166) port 443 (#0)
* Server certificate:
*  expire date: Aug 2 02:13:11 2020 GMT
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
```

It seems they've transitioned to Let's Encrypt for the wildcard domain, but it isn't being served for app subdomains. I've checked a few other subdomains and see the same thing:

* govuk-prototype-kit.herokuapp.com
* heroku-status.herouapp.com
* juice-shop.herokuapp.com

I've been raising this with support since T-30 and they just keep saying things like:

> Our concerned team is aware of it and they are actively working on the renewal process. We'll get the new cert in there well before the expiration, and there will be no disruption of service.

Now we're at 7 days I've lost confidence that support has even forwarded my ticket to the right team.

I suspect in 7 days we're gonna see a lot of things break...
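The kind of endpoint monitoring described in the post, as an added example that is not part of the original post: it reads the certificate actually served for each hostname (per SNI name, so a subdomain and the apex are checked separately) and flags it when expiry is near. The 30-day threshold, the function names, the sample data and the "now" value are assumptions made for the example.

```python
import socket, ssl, sys
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed threshold; the post's first alerts came at about T-30

def days_left(not_after, now):
    """Days from `now` until notAfter, given in OpenSSL's text form."""
    return (ssl.cert_time_to_seconds(not_after) - now.timestamp()) / 86400

def status(not_after, now, warn_days=WARN_DAYS):
    remaining = days_left(not_after, now)
    if remaining <= 0:
        return "EXPIRED"
    return "WARN" if remaining <= warn_days else "OK"

def issuer_org(cert):
    """Extract the issuer O= from getpeercert()'s nested RDN tuples."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return "?"

def served_cert(host, port=443, timeout=5.0):
    """Leaf certificate presented for this SNI name. An already expired or
    mismatched cert raises ssl.SSLCertVerificationError, itself an alert."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def report(certs, now):
    """certs maps hostname -> getpeercert() dict; one summary line per host."""
    return [f"{status(c['notAfter'], now)} {host} "
            f"{days_left(c['notAfter'], now):.0f}d {issuer_org(c)}"
            for host, c in certs.items()]

# Constructed sample: the two expiry dates and issuers quoted in the post,
# shaped like getpeercert() output, with "now" assumed to be 7 days before expiry.
NOW = datetime(2020, 6, 15, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE = {
    "<our-app-name>.herokuapp.com": {"notAfter": "Jun 22 12:00:00 2020 GMT",
        "issuer": ((("organizationName", "DigiCert Inc"),),)},
    "herokuapp.com": {"notAfter": "Aug  2 02:13:11 2020 GMT",
        "issuer": ((("organizationName", "Let's Encrypt"),),)},
}

if __name__ == "__main__":
    live = {h: served_cert(h) for h in sys.argv[1:]}
    print("\n".join(report(live or SAMPLE, datetime.now(timezone.utc) if live else NOW)))
```

Run with hostnames as arguments to check live endpoints; with no arguments it reports on the constructed sample.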

