
Custom Domains and SSL

Once your site is upgraded to the paid plan, you can configure your site to be served on a custom domain. Aerobatic will provision a wildcard SSL certificate for your domain using the AWS Certificate Manager. Wildcard certificates cover your apex, aka “naked”, domain and all subdomains. This allows you to cover all your deploy stages using the same certificate, for example:

  • https://www.mydomain.com
  • https://www--test.mydomain.com
  • https://www--develop.mydomain.com

Depending on your DNS provider (more on this below), you can use apex (aka “naked”) domains:

  • https://mydomain.com
  • https://test.mydomain.com
  • https://develop.mydomain.com

You can also re-use the same domain + certificate across multiple paid websites:

  • https://www.mydomain.com
  • https://blog.mydomain.com

Registering your domain

Registering a new custom domain with a wildcard certificate is done via the CLI. From the root of the website that you want to attach the domain to, simply run the following command:

$ aero domain --name mydomain.com

You’ll be sent a validation email from no-reply@certificates.amazon.com. Clicking on the approve link in the email both verifies your ownership of the domain and indicates approval for an SSL/TLS certificate to be provisioned. Once you approve, the domain provisioning process will begin. It takes anywhere from 20-40 minutes for everything to propagate across our worldwide content delivery network.

You can run the aero domain command again without any arguments to get a status update. Once provisioning is complete you will receive an email from support@aerobatic.com with instructions on how to configure your DNS records so that your domain resolves to your Aerobatic website.

ALERT: Receiving the verification email can sometimes trip people up. See the troubleshooting section at the bottom of this guide.

DNS Settings

Once your domain is provisioned on the Aerobatic CDN, the next step is to create records with your DNS provider so that your domain resolves to your Aerobatic website. We recommend a single wildcard or catch-all CNAME if your domain provider supports it. That way you only have to configure a single DNS record that covers all website subdomains and staging aliases.

Record   Name   Target
CNAME    *      [your_dns_value].cloudfront.net

Any named subdomain CNAMEs that point somewhere other than Aerobatic will take precedence over the wildcard (so the same domain can be used for non-Aerobatic sites). If you prefer not to use a catch-all or your DNS provider doesn’t support it, you can of course create each CNAME separately:

Record   Name           Target
CNAME    www            [your_dns_value].cloudfront.net
CNAME    blog           [your_dns_value].cloudfront.net
CNAME    www--staging   [your_dns_value].cloudfront.net

Apex domains

The apex or “naked” domain is the root domain sans any subdomain, i.e. https://yourdomain.net. Many prefer this simplified format for their website URLs. As long as your DNS provider supports CNAME-like functionality at the zone apex, you can load your Aerobatic websites via their apex URL. Providers generally refer to these as ALIAS or ANAME records.

Domain providers that support one of the flavors of CNAME-like records at the apex include:

WARNING: Some providers, such as Namecheap, technically allow you to define a CNAME record @ that will route your apex domain correctly. But be aware, this will likely break email for your domain. This is because the @ record takes precedence over any MX mail records.

We suggest you ONLY utilize the apex domain if your DNS provider has special ALIAS/ANAME record types specifically intended to handle it. The alternative is a CNAME for each website like www.
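The apex CNAME warning above and the wildcard precedence rule from the DNS Settings section can both be checked against a zone before it goes live. The following is an added example, not Aerobatic code; the zone records, the other host names and the `CDN` placeholder are constructed for illustration.

```python
from collections import defaultdict

CDN = "your-dns-value.cloudfront.net."  # placeholder for [your_dns_value].cloudfront.net

# Constructed sample zone for mydomain.com as (name, type, value); "@" is the apex.
ZONE = [
    ("@",    "NS",    "ns1.dns-provider.example."),
    ("@",    "MX",    "10 mail.mydomain.com."),
    ("@",    "CNAME", CDN),                           # the apex CNAME the warning is about
    ("*",    "CNAME", CDN),                           # catch-all for Aerobatic sites
    ("shop", "CNAME", "stores.other-host.example."),  # a non-Aerobatic site
    ("mail", "A",     "192.0.2.10"),
]

def by_name(zone):
    """Group (type, value) pairs under each owner name."""
    names = defaultdict(list)
    for name, rtype, value in zone:
        names[name].append((rtype, value))
    return names

def cname_conflicts(zone):
    """Return {name: [other types]} for names where a CNAME sits beside other records.

    DNS (RFC 1034) does not allow a CNAME to coexist with other data at the
    same name, which is why an apex CNAME puts the MX records at risk.
    """
    conflicts = {}
    for name, records in by_name(zone).items():
        types = [t for t, _ in records]
        if "CNAME" in types and len(types) > 1:
            conflicts[name] = sorted(t for t in types if t != "CNAME")
    return conflicts

def cname_target(zone, label):
    """CNAME target for a subdomain label; an explicit name beats the wildcard."""
    names = by_name(zone)
    for owner in (label, "*"):
        for rtype, value in names.get(owner, []):
            if rtype == "CNAME":
                return value
        if owner in names:   # the name exists without a CNAME: wildcard does not apply
            return None
    return None
```
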

Almost all providers let you define a URL redirect record that will redirect the apex to any URL of your choice. In this case you would want to point to https://www.mydomain.com. Note that this will only work when a user browses to the non-SSL URL for your site.

Route 53 setup

If your current domain provider does not provide ALIAS/ANAME record types and you really want to host your site on the apex domain, we recommend transferring your name server records to Amazon Route 53. Route 53 has a special relationship with CloudFront, which is the CDN that Aerobatic uses to host your custom domain and SSL certificate.

You’ll want to create two record sets: an A record for your apex domain and a CNAME for your www subdomain, which will automatically redirect to your apex domain as long as the website subdomain is set to @ in the Aerobatic hosting settings.

Name      Type               Alias   Alias target or Value
<blank>   A - IPv4 address   Yes     [domain_dns_value].cloudfront.net.
www       CNAME              No      [domain_dns_value].cloudfront.net

Apex domains and deploy stages

When using deploy stages for websites whose production URL is at the apex, the stage name becomes a subdomain:

  • https://mydomain.com <- production
  • https://staging.mydomain.com
  • https://test.mydomain.com
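The stage naming shown in this guide keeps every stage host exactly one label below the domain, which is what a wildcard name can match. The following added example (not Aerobatic code) builds stage host names the way the lists above show them and checks them with the standard left-most-label wildcard rule; the certificate name list is an assumption based on the statement that the certificate covers the apex and subdomains.

```python
# Assumed certificate names: apex plus wildcard, per the page's description.
CERT_NAMES = ["mydomain.com", "*.mydomain.com"]

def stage_host(subdomain, stage=None, domain="mydomain.com"):
    """Host name for a deploy stage, following the examples in this guide."""
    if subdomain == "@":  # apex site: the stage name becomes the subdomain
        return f"{stage}.{domain}" if stage else domain
    label = f"{subdomain}--{stage}" if stage else subdomain
    return f"{label}.{domain}"

def name_matches(pattern, host):
    """RFC 6125-style match: '*' stands for exactly one whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

def covered(host, names=CERT_NAMES):
    """True if any certificate name matches the host."""
    return any(name_matches(n, host) for n in names)

def coverage_report(hosts):
    """Map each host to whether the assumed certificate covers it."""
    return {h: covered(h) for h in hosts}

if __name__ == "__main__":
    hosts = [
        stage_host("www"), stage_host("www", "test"),
        stage_host("@"), stage_host("@", "staging"),
        "test.www.mydomain.com",  # nested name, two labels deep
    ]
    for host, ok in coverage_report(hosts).items():
        print(f"{host:28} {'covered' if ok else 'NOT covered'}")
```
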

Troubleshooting

Didn’t receive the certificate verification email

First of all, check your spam folder. The email comes directly from Amazon Web Services. Aerobatic does not send the verification email. Assuming the email isn’t in your spam folder, read on.

Aerobatic uses Amazon Certificate Manager to provision auto-renewing wildcard SSL certificates for your custom domain. As part of that process, Amazon sends an email to the email address associated with the WHOIS record on your domain. However, if you are using a WHOIS privacy protection service, e.g. WhoisGuard, your email address is obscured from the WHOIS record, and thus Amazon cannot properly route the validation email.

However, Amazon also automatically sends its validation email to common administrative email addresses (e.g. hostmaster@, postmaster@, webmaster@, administrator@, admin@). So, if you have added privacy protection to your custom domain and you haven’t received the validation email, one option would be to create an email address such as webmaster@mydomain.com and repeat the validation step outlined in this step-by-step guide.

More details on Amazon Certificate Manager can be found here: ACM Provisioning FAQ

If you are unable to set up an administrative email address, read on.

Some DNS providers don’t provide email services. In that situation, you might be unable to set up an administrative email address as described above. One alternative is to set up free email forwarding with a service such as Mailgun.

This guide will walk you through setting up the necessary MX records with your DNS provider: Mailgun Receiving Email Quickstart