SaaS and custom domains

Hi, I hope this is the right place to ask this. I am about to start working on a SaaS project which will let users add custom domains to their accounts, so I will need to provide TLS certificates for these domains. I am using Kubernetes, so I was thinking that I could proceed this way:

  1. user adds a custom domain
  2. app first verifies that the custom domain is indeed pointing to the app (either DNS verification or by checking a unique URL)
  3. if the domain has been verified successfully, the app then creates an ingress in Kubernetes
  4. cert-manager automatically issues a Let’s Encrypt certificate for the new domain

Would this work with many certificates (if the app is successful as I hope), especially considering the limits? How do companies like Heroku - with tons of users and custom domains - handle this?

Thanks a lot in advance for any help.

Hi @vitobotta

What are the domain names? Are these customer domains (, etc.)?

Or are these subdomains (,

First -> ~~ no problem, most limits are domain specific.
Second -> max. 50 certificates per domain per week.


Hi, thanks for your reply. The app will by default give subdomains of the app domain, and for that I am going to use a wildcard certificate. The custom domains instead are unrelated to each other like in your first example. I understand that most limits are per domain, but I am worried that as I scale I might run into issues with failed registrations and things like that, even though my app will “keep an eye” on the custom domains making sure they always point to the app.
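Steps 2 and 3 of the plan in the first post, with the concern about failed validations in mind, as an added example that is not code from any poster in this thread: an Ingress manifest is produced only once the custom domain resolves exclusively to the app, so cert-manager never starts an ACME order that cannot validate. `APP_DOMAIN`, `APP_INGRESS_IPS`, the `web` service, the `letsencrypt-prod` issuer name and all function names are assumptions.

```python
import re
import socket

APP_DOMAIN = "app.example"            # assumed SaaS base domain (served by the wildcard cert)
APP_INGRESS_IPS = {"203.0.113.10"}    # assumed load balancer address (TEST-NET-3)
# ASCII hostnames only; capped at 240 chars so derived resource names stay <= 253.
HOSTNAME_RE = re.compile(r"^(?=.{1,240}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def system_resolve(host):
    """Return the set of IP addresses the system resolver gives for host."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)}
    except socket.gaierror:
        return set()


def normalize(domain):
    """Lower-case and validate a user-supplied hostname; None if unacceptable."""
    host = domain.strip().rstrip(".").lower()
    if not HOSTNAME_RE.match(host):
        return None                   # wildcards, IP literals, malformed input
    if host == APP_DOMAIN or host.endswith("." + APP_DOMAIN):
        return None                   # the app's own namespace is not a custom domain
    return host


def points_to_app(host, resolve=system_resolve):
    """True only if the name resolves and every returned address is ours."""
    addrs = resolve(host)
    return bool(addrs) and addrs <= APP_INGRESS_IPS


def build_ingress(host, service="web", issuer="letsencrypt-prod"):
    """Ingress manifest carrying the annotation cert-manager watches for."""
    name = "custom-" + host           # dots kept, so distinct hosts never collide
    return {
        "apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
        "metadata": {"name": name,
                     "annotations": {"cert-manager.io/cluster-issuer": issuer}},
        "spec": {"tls": [{"hosts": [host], "secretName": name + "-tls"}],
                 "rules": [{"host": host, "http": {"paths": [{
                     "path": "/", "pathType": "Prefix",
                     "backend": {"service": {"name": service, "port": {"number": 80}}}}]}}]},
    }


def provision(domain, resolve=system_resolve):
    """Return a manifest for a verified custom domain, otherwise None."""
    host = normalize(domain)
    if host is None or not points_to_app(host, resolve):
        return None
    return build_ingress(host)
```

Running the same `points_to_app` check periodically on already provisioned domains lets the app remove an Ingress before a renewal attempt fails against a domain that has moved away.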
