Hi,
I'm working on a SaaS, which is something like a website builder. User's should be able to use their custom domain and not just get a dedicated subdomain from us.
I would like to use a third-party service for that and I could find the following:
Unfortunately, none of them is really convincing as they sometimes don't even have an email address for support and therefore I feel uncomfortable giving them my credit card number.
Can you recommend similar services?
If anybody from the future ends up here looking for an easy way to implement custom domains, check out https://approximated.app (I'm the founder). It reliably serves hundreds of thousands of custom domains as of today, it's super easy to get up and running with your app the same day, and it starts at $20/month with a 7 day free trial.
Taking a look at some of these other responses, here's how it handles the concerns mentioned about other options:
I run my app (DynaBlogger in Kubernetes so I use cert-manager to issue certificates using Let's Encrypt.
The way it works is this: when a user adds a custom domain, the app tells the Kubernetes API to create an ingress resource (virtual host in Nginx basically) for the domain; then the app pings the domain until a request to a specific path returns an expected token. This means that the domain is actually pointing to the app / is owned by the user. At that stage, the app tells the Kubernetes API to "upgrade" the ingress resource with some annotations that trigger the issuance of the certificate with cert-manager. If DNS has already been configured for the domain, the process takes under a minute usually.
This setup in Kubernetes is the best I have used so far for this feature.
In the past, before Kubernetes, I was using OpenResty as web server, which is a particular version of Nginx with lua scripting built in. Then I would use the lua-autossl extension to issue certificates.
The way that works is this: the app exposes an API endpoint which accepts a domain as a parameter and returns a 200 status code if the domain is recognized (= added by some user to the system) or 404 status code if not. At the first request with the custom domain, some lua code queries that API endpoint to check if the domain is allowed and if yes, it issues the certificate with Let's Encrypt, otherwise it will ignore it and not issue the certificate, for security reasons. What I don't like of this setup is that the first request that triggers the issuance of the certificate can be very slow depending on whether DNS is fully propagated etc. There are also some limits to the number of certificates that can be managed this way by a single web server. With Kubernetes instead the thing scales together with the cluster, so it's a lot better.
I have never considered using a third party service for things like certificates because they require a lot of trust and it's one more external dependency.
You could set up fly.io as a proxy in front of your application. They have the ability to add domains to an application through the API and they handle acquiring a Let's Encrypt certificate for them automatically.
None of these seem to work with A Records as well.
Do you need a 3rd party for this?
I would think that your user could create a CNAME DNS record pointing their custom domain (e.g.
theirdomain.com
) to their subdomain on your site (e.g.theirsubdomain.yourapp.com
).Then, your app will handle traffic from their domain the same way as you currently do with their subdomain (by checking the host header, for example).
I've never done this though, so feel free to tell me that this is wrong and it's actually way harder than I think 🙂
This is true and seems to work. However, you then don't have SSL without any further setup, which is too much to ask the user for.
Ah ok I see what you mean.
I've heard good things about caddy for that, as I think it can obtain certs for you.
This looks a bit like what you're trying to do?
https://oliverdunk.com/2018/07/06/https-custom-domains-sass