Hi @imchuck,
Ideally, Heroku would have a log of the specific error returned by the CA that they would be willing to show you.
If not, you can try obtaining a certificate outside of the Heroku interface using any of the clients at
including the web-based ones. The Let's Encrypt client should show you the specific error returned by the CA; if that error is "policy forbids issuing for name", then your name is blacklisted.