HTTPS redirect from root domain (i.e. apex or 'naked') to 'www' subdomain without browser throwing up?

Question

DNS A-records require that an IP address be hard-coded into your application’s DNS configuration

...which Heroku recommends avoiding. Heroku

Answer 1

You need a certificate that secures both www.example.com and example.com.