tls – Separate SSL certs on CloudFront and Heroku?

I find SSL real confusing, but anyways.

For my frontend static website, I host on S3 and distribute using CF. I just use something simple like comodo SSL to generate an SSL cert and then go through the AWS ACM process to import the cert. All good.

But I realized all my API requests of course go to a Node.js server running somewhere else in the world on Heroku (ok, probably they host on AWS somewhere :P). So with my domain name being and SSL certified, pointing to, and API requests hitting, do I get a separate SSL on Heroku? Heroku has a tempting auto SSL feature for paid dynos, but I don’t get if I need it or if I use my existing one for