From that link, Heroku states:
Let’s Encrypt checks domains against Google’s Safe Browsing API and will not issue certificates for domains considered unsafe.
However, that hasn't been the case any longer for some years now. See this blog post and the update in the "Our plan" section:
Update: As of January 10, 2019, we no longer check domains against the Safe Browsing API.
So, ultimately, I have NO clue what Heroku is refering to.. 
They either have to dig deeper into their own process or have to give you the correct advice.