letsencrypt-rails-heroku

If auto-detecting domains to verify, skip .herokuapp.com domain

Open • jalada opened this issue 8 years ago • 1 comment

It's pointless to verify it because Heroku will always use their own certificate, and it is a slight information leak to expose the name of the Heroku app in the certificate.

jalada, Feb 28 '17 15:02

This caught me out today; if you have only the herokuapp.com domain in the certificate, Heroku gives you a lousy 403 with no explanation when you try and upload the certificate.

jalada, Oct 07 '20 11:10
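One way the filtering requested in this issue could look, as an added example that is not code from letsencrypt-rails-heroku or from the issue author. The method, constant and error names are hypothetical and the domain list is constructed sample data; it matches on a label boundary and refuses to continue when only the Heroku default domain is left, which is the case the comment above reports as ending in a 403.

```ruby
# Added example, not code from letsencrypt-rails-heroku. Method, constant and
# error names are hypothetical; the input list is constructed sample data.
HEROKU_SUFFIX = 'herokuapp.com'

class NoVerifiableDomains < StandardError; end

# Normalise a hostname for comparison: trim, lowercase, drop a trailing root dot.
def normalise_host(name)
  name.to_s.strip.downcase.chomp('.')
end

# True only for herokuapp.com itself or a name under it, matched on a label
# boundary so "notherokuapp.com" and "herokuapp.com.example.org" are kept.
def heroku_default_domain?(name)
  host = normalise_host(name)
  host == HEROKU_SUFFIX || host.end_with?(".#{HEROKU_SUFFIX}")
end

# Return the domains worth putting in the certificate. Raises instead of
# returning an empty list, so the caller stops before ordering or uploading
# a certificate that would cover no custom domain.
def domains_to_verify(detected)
  kept = detected.map { |d| normalise_host(d) }
                 .reject(&:empty?)
                 .reject { |d| heroku_default_domain?(d) }
                 .uniq
  raise NoVerifiableDomains, 'only *.herokuapp.com domains detected' if kept.empty?
  kept
end

# Constructed sample input: mixed case, a trailing dot, a duplicate and a
# look-alike name that must not be filtered.
SAMPLE = ['www.example.com', 'My-App-1234.herokuapp.com.', 'example.com',
          'notherokuapp.com', 'WWW.example.com'].freeze

puts domains_to_verify(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```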