The Swisscom documentation on Routes and Domains acknowledges that
If you use domain forwarding, SSL requests to the root domain may fail if the SSL certificate only matches the subdomain.
However, there seems to be no way to add a custom SSL/TLS certificate to your domain. Am I missing some hidden settings? Other Cloudfoundry providers have special interfaces for installing certificates in their web admin applications. So when trying to use a private domain for a Route to an app there and you access it via HTTPS, as expected, you get an invalid certificate error (because you get served the scapp.io certificate).
So: How do I set up a custom SSL certificate for a private domain in Swisscom’s Cloudfoundry?
SSL certificates from Let’s Encrypt are now available on the Swisscom Application Cloud: SSL Secure Routes