Ask HN: How did you set up custom domains and SSL for your SaaS? - pier25
======
karmakaze
It varies depending on the project. For static sites/assets I use either
Netlify or my own VM with Cloudflare in front. Using CF to manage DNS and as
the resolver on my machines/network makes changes immediate.

For the VMs, I use certs from Let's Encrypt. The renewal process is still not
fully automated with Nginx, and I would try Caddy2 next time around.

I don't work with any block storage so nothing for S3 etc.

~~~
pier25
So you add the customer domains to Cloudflare?

~~~
karmakaze
The services I've provided are for consumption by the customer so
customer.saascompany.com is fine. I haven't made services that need customer
branding e.g. product.customer.com.

For this case, I would likely still manage my own Let's Encrypt certs (e.g.
service.saascompany.com) and have the customer add CNAME product.customer.com
-> service.saascompany.com for the vanity domain. At that point the customer
is managing their own cert and I would recommend Cloudflare, AWS or another
provider that issues/maintains certs for them.

------
twbarber
We've been using Cloudflare's SSL for SaaS [1] offering for the last year, and
have nothing but good things to say. You also get the rate limiting and other
protections you'd expect from Cloudflare. It's been great not having to worry
about CSRs and cert renewals as we've scaled out. Although, we _did_ go down
the other day as part of their outage.

[1] [https://www.cloudflare.com/ssl-for-saas-providers/](https://www.cloudflare.com/ssl-for-saas-providers/)

~~~
pier25
Unfortunately we still can't afford their enterprise plan.

I emailed the SSL for SaaS PM and he told me they are preparing a new service
so that clients on other plans can also use this, although there is no ETA and
no pricing info yet.

~~~
shyn3
You can write a Let's Encrypt module to auto-generate a new cert using the API
and load it.
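
Added example, not part of the thread or any commenter's code: a pre-issuance gate for the CNAME vanity-domain setup discussed above, deciding whether an automated Let's Encrypt request for a customer hostname should proceed. The function `may_issue`, the registered-hostname list, the hop limit and the DNS records are assumptions constructed for illustration; the resolver is injected so the block runs offline.

```python
from typing import Callable, Iterable, Optional, Tuple

SERVICE_TARGET = "service.saascompany.com"  # CNAME target named in the thread
OWN_ZONE = "saascompany.com"                # our own names are not issued via this path
MAX_HOPS = 5                                # assumed bound on CNAME chain length

# Constructed sample records (name -> CNAME target), standing in for real DNS.
SAMPLE_DNS = {
    "product.customer.com": "service.saascompany.com.",
    "shop.example.org": "edge.example.net",
    "edge.example.net": "service.saascompany.com",
    "old.customer.com": "elsewhere.example.net",
    "a.loop.test": "b.loop.test",
    "b.loop.test": "a.loop.test",
}

def _norm(name: str) -> str:
    return name.strip().rstrip(".").lower()

def may_issue(hostname: str, registered: Iterable[str],
              lookup_cname: Callable[[str], Optional[str]]) -> Tuple[bool, str]:
    """Decide whether to request a certificate for a customer hostname."""
    host = _norm(hostname)
    if "*" in host or "." not in host:
        return False, "invalid hostname"
    if host == OWN_ZONE or host.endswith("." + OWN_ZONE):
        return False, "own zone"
    # Only hostnames a customer registered with us; otherwise anyone who points
    # DNS at the service could trigger issuance and burn CA rate limits.
    if host not in {_norm(h) for h in registered}:
        return False, "not registered"
    current, seen = host, set()
    for _ in range(MAX_HOPS):
        if current in seen:
            return False, "cname loop"
        seen.add(current)
        target = lookup_cname(current)
        if target is None:
            return False, "does not resolve to service"
        current = _norm(target)
        if current == SERVICE_TARGET:
            return True, "ok"
    return False, "cname chain too long"

if __name__ == "__main__":
    registered = ["product.customer.com", "old.customer.com", "a.loop.test"]
    for name in registered + ["unregistered.example.org"]:
        print(name, may_issue(name, registered, SAMPLE_DNS.get))
```

In production the `lookup_cname` argument would be backed by a real DNS query, and the check would run again at renewal time so that a hostname whose CNAME has moved away stops receiving certificates.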

------
gervwyk
Also interested! Please share resources if you have any. We have built an
implementation using S3, but the bucket name needs to be the same as the
domain name, so not really that scalable.

~~~
pier25
For object storage, StackPath gives you free SSL and it all can be automated
via their API.

I made these benchmarks recently and StackPath didn't do too well but it's
still an option you could consider.

[https://www.pierbover.com/posts/static-hosting-benchmark-202...](https://www.pierbover.com/posts/static-hosting-benchmark-2020/)

~~~
gervwyk
This is a really nice test! Well done. Really looking forward to trying
Cloudflare Workers on our deployments.

