How do we provide SSL for custom domains?

One of the technical hurdles we had to solve with Barkeeper was how to securely and safely serve our customers' pages over SSL while also allowing for custom domain names for any location or group.


We will go into a little more detail in this blog post about how we are able to provide SSL for all of our customers with the minimum possible fuss and trouble.

Caddy is an HTTP server project which is sponsored by ZeroSSL. It has provisioning built into it for generating all kinds of SSL certificates.

We take advantage of Caddy's on_demand_tls functionality to allow us to generate any SSL certificates we need.

When a customer chooses to use our Barkeeper Service to host a custom subdomain for their location or group of bars, we need them to set up some DNS records to make this possible.

We need an A record which points to our frontend web server's global IP address. We also need a CAA record configured to allow for SSL certificates to be generated using letsencrypt.org or zerossl.com.

When the request is then made

When a web browser then connects to example.barkeeperapp.com, we check that the domain is a valid one registered in our database. Once the validity is confirmed, the SSL certificate is generated and the web browser is served over a secure SSL connection.

If the domain isn't properly configured in the administration console yet, the web browser would see a friendly error message instead. This should give them all the information they need to continue to get the domain set up.
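The domain check described above corresponds to the `ask` endpoint that Caddy's on-demand TLS queries before it requests a certificate: Caddy sends `?domain=<name>` and only a 2xx reply permits issuance. The following is an added example, not Barkeeper's own code; the port, the `/check` path and the in-memory set standing in for the database are assumptions.

```python
# Added example: an "ask" endpoint for Caddy on-demand TLS (not Barkeeper's code).
# Caddyfile side, with an assumed port and path:
#   { on_demand_tls { ask http://127.0.0.1:5555/check } }
#   https:// { tls { on_demand } }
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs

# Constructed stand-in for the customer-domain table in the database.
REGISTERED_DOMAINS = {"bobisawesome.com", "example.barkeeperapp.com"}

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize(domain):
    """Lower-case and strip a trailing dot; None if not a valid hostname."""
    name = domain.strip().lower().rstrip(".")
    if not name or len(name) > 253 or "." not in name:
        return None
    if not all(_LABEL.fullmatch(label) for label in name.split(".")):
        return None
    return name

def is_allowed(domain):
    """True only for an exact match against a registered domain (no wildcards)."""
    name = normalize(domain)
    return name is not None and name in REGISTERED_DOMAINS

def ask_status(path):
    """Map a request path such as /check?domain=x to an HTTP status code."""
    url = urlparse(path)
    values = parse_qs(url.query).get("domain", [])
    if url.path != "/check" or len(values) != 1:
        return 400  # malformed or ambiguous request: never permit issuance
    return 200 if is_allowed(values[0]) else 403

class AskHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(ask_status(self.path))
        self.end_headers()

if __name__ == "__main__":
    # Bind to loopback only: Caddy is the sole intended client.
    HTTPServer(("127.0.0.1", 5555), AskHandler).serve_forever()
```

Denying by default matters here: without an allow-list check, anyone who points a hostname at the server could trigger certificate issuance and exhaust the CA's rate limits.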

What about the old URL?

Where a customer was previously using bob.barkeeperapp.com and has now set up a custom domain of bobisawesome.com, we lock the previous name so that nobody else can use it and then set up automatic redirects to bobisawesome.com.

To www or not www

We strongly advise our customers to not bother with the www. prefix on their domains. If www.bobisawesome.com and bobisawesome.com are both pointed to our servers, we will only set up bobisawesome.com as the primary domain (and canonical URL) and will redirect from www.bobisawesome.com to bobisawesome.com.

It is possible to do the opposite of this as well; contact our support team to find out how.

🔐
We also set a series of sensible, security-minded defaults for the pages that we generate. CSRF, CORS, and Content Security Policy entries are all automatically and correctly configured. Having the generated pages well protected improves your SEO ranking.