So, the problem was that we needed to add multiple domains (and their corresponding SSL cert) to a single Heroku app, they provide a guide at the bottom: https://help.heroku.com/8P5TVA4T/how-can-i-configure-multiple-ssl-certificates-for-a-single-app
But won’t provide you with the steps to generate it.
You first need to install certbot on your local machine, I’m on macOS so Homebrew is highly encouraged:
brew install letsencrypt
This is the command I used to generate the cert:
certbot certonly --manual --preferred-challenges dns --email email@example.com --domains domain.com
The “challenge dns” option will return a DNS record to be added via your DNS provider – after that, you should be good to upload it to Heroku:
heroku certs:add /etc/letsencrypt/live/domain.com/fullchain.pem /etc/letsencrypt/live/domain.com/privkey.pem --type endpoint -a app-name