DNS Challenge Using CNAME Verification

I have a web app where users can point their custom domain to their profiles. For that, they point the DNS of their custom domain to my server.

How do I issue a certificate to those who have mapped their domain to our server using DNS CNAME validation?
Is there any automated process to do so?
I am using an Apache server on Ubuntu (PHP).

TXT verification wouldn’t be possible if the number of users increases in future, so how do I issue a certificate to every domain that points to my server?

This is similar to what about.me does! You can check this out

I would really appreciate it if someone could help me; this has been bugging me for months!

If you want a turnkey solution, you could use Caddy to automatically provide certificate coverage (https://caddyserver.com/docs/automatic-https#on-demand-tls) for all of your customer domains.

Otherwise, you would need to get your hands dirty and develop a solution yourself using an existing ACME library.


Sorry, I didn’t mention that I am already using an Apache server on Ubuntu! Will it still help?

You would put Caddy in front of Apache in a reverse-proxy arrangement. That’s the cost you would pay for having Caddy automate all of the HTTPS for you.

Also, is there any way to do this without Caddy? I read this

Can you please explain this to me?

I’m not sure that thread has anything that will help you. You have already solved the DNS part - your customers are using a CNAME to point their domains to your app.

What you are missing is the software which takes your (dynamic) list of your customer domains, creates certificates, deploys them to your webserver and manages their lifecycle. That’s going to require software development/scripting, one way or another. Moreover, it’s going to be slightly different for every webapp.

That’s why I suggested Caddy - although it is not perfect, it largely lets you avoid doing all that work.


Yeah, more and more companies are using Caddy to manage certs for their customers’ domains on-demand. It works really well and is getting even better with time.
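
Added example, not part of the original thread and not Caddy's own code: Caddy's on-demand TLS can be restricted with its `ask` option, which sends `GET <ask-url>?domain=<name>` and only obtains a certificate when the reply is 2xx. The sketch below is one way to write that check against the "dynamic list of customer domains" mentioned above, so that certificates are requested only for registered customers and not for any name someone points at the server. The domain set, the port 9123 and all function names are assumptions made for illustration.

```python
"""Decision logic for a Caddy on-demand TLS `ask` endpoint (added example)."""
import re
from urllib.parse import parse_qs

# Constructed sample data; a real app would query its customer database.
CUSTOMER_DOMAINS = {"www.alice-example.com", "blog.bob-example.org"}

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(host):
    """Lower-case and strip the trailing dot; return None if not a plain hostname."""
    host = host.strip().lower().rstrip(".")
    if not host or len(host) > 253:
        return None
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return None
    return host


def ask_status(query_string, allowed=CUSTOMER_DOMAINS):
    """Return the HTTP status to send for Caddy's ?domain=<name> request."""
    values = parse_qs(query_string).get("domain", [])
    if len(values) != 1:          # missing or repeated parameter
        return 400
    host = normalize(values[0])
    if host is None:              # malformed name: never pass it to a lookup
        return 400
    # Exact match only: no suffix or wildcard matching against customer names.
    return 200 if host in allowed else 403


def app(environ, start_response):
    """Minimal WSGI wrapper around ask_status()."""
    status = ask_status(environ.get("QUERY_STRING", ""))
    reason = {200: "OK", 400: "Bad Request", 403: "Forbidden"}[status]
    start_response(f"{status} {reason}", [("Content-Type", "text/plain")])
    return [reason.encode()]


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    # Bind to loopback so only the local Caddy instance can query the endpoint.
    make_server("127.0.0.1", 9123, app).serve_forever()
```

Since the web app in this thread is PHP, the same three checks (single parameter, valid hostname, exact match against the customer list) carry over directly to a small PHP script served by Apache.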

So I have configured Caddy as a reverse proxy, but things are not going right!
Can you please help me - this is my question
