How to Set Up a Custom Domain and SSL for Your Web App (Complete 2025 Guide)

Every app deployed on a cloud platform starts with a platform subdomain: yourapp.apexweaveapp.com, yourproject.vercel.app, myapp.railway.app. That subdomain is fine for testing. For anything you share with customers, clients, or the public, you need your own domain.

This guide covers the complete process: buying a domain, pointing it to your hosting, and getting SSL working — from zero to https://yourdomain.com in under an hour.

Step 1: Get a Domain Name

Where to Buy

Any accredited domain registrar works. The most commonly used by developers:

• Namecheap (namecheap.com) — Competitive pricing, good UX, WhoisGuard privacy included free
• Porkbun (porkbun.com) — Lowest prices on many TLDs, clean interface, privacy included
• Cloudflare Registrar (cloudflare.com/products/registrar) — At-cost pricing (no markup), excellent if you're already using Cloudflare DNS
• Google Domains (now Squarespace Domains) — Clean UX, but no longer recommended after Google sold it

Avoid: GoDaddy (aggressive upsells, confusing interface, higher prices), Network Solutions (outdated interface, expensive).

Choosing a TLD

• .com — Still the strongest signal of legitimacy for businesses. Buy this if it's available.
• .dev — Credible for developer portfolios and tools. Google Chrome requires HTTPS for .dev domains automatically.
• .io — Popular for SaaS and tech products.
• .app — App-specific, HTTPS required by default.
• .co — Acceptable alternative to .com when .com isn't available.
• Country codes (.uk, .ng, .ph, .za) — Good for geo-targeted businesses.

Price reference: .com typically $10–15/year. .dev and .io $12–20/year. Country codes vary significantly.

Step 2: Configure DNS

DNS (Domain Name System) is the mapping between your human-readable domain (yourdomain.com) and your server's IP address. After you buy a domain, you configure DNS records to point it where you want.

Find Your Server IP Address

In your ApexWeave dashboard → Overview tab → look for the server IP address. It's typically displayed near your domain section or under "DNS Setup."

Types of DNS Records You'll Use

A Record — Maps a domain or subdomain to an IPv4 address

Type: A
Name: @         (represents the root domain: yourdomain.com)
Value: 1.2.3.4  (your server IP)
TTL:  300       (5 minutes — set low before migration, increase after)

CNAME Record — Maps a subdomain to another domain name

Type:  CNAME
Name:  www       (represents www.yourdomain.com)
Value: yourdomain.com
TTL:   3600

Basic Setup: Root Domain + www

Most sites need both yourdomain.com and www.yourdomain.com to work:

At Namecheap / Porkbun / Google Domains:

Or using CNAME for www:

Using Cloudflare DNS (Recommended)

Cloudflare's DNS is faster than most registrars' nameservers AND adds CDN + DDoS protection automatically.

Setup:
1. Create a Cloudflare account → Add site → enter your domain
2. Cloudflare scans your existing DNS records (usually imports them automatically)
3. Cloudflare gives you two nameservers: aria.ns.cloudflare.com and mark.ns.cloudflare.com (yours will be different)
4. At your domain registrar → change nameservers to Cloudflare's
5. Wait 1–24 hours for nameserver propagation
6. Add your DNS records in Cloudflare:
- A record: @ → your server IP → Proxied (orange cloud = CDN + DDoS protection)
- A or CNAME: www → your IP or yourdomain.com → Proxied

Why Cloudflare proxy ("orange cloud") matters:
- Traffic routes through Cloudflare's global network
- DDoS protection included free
- CDN caches static assets at 300+ global edge nodes
- Your origin server IP is hidden (attacker can't target it directly)

Step 3: Set Your Custom Domain on ApexWeave

# Set the custom domain
apexweave domain:set yourapp.apexweaveapp.com yourdomain.com

# For www subdomain (if serving from www)
apexweave domain:set yourapp.apexweaveapp.com www.yourdomain.com

You can also set it in the dashboard: your app → Domain tab → Update Domain form.

Step 4: SSL Certificate Provisioning

SSL is automatic on ApexWeave. Once your DNS A record propagates and points to the server, the SSL certificate provisions without any action from you.

What happens automatically:
1. DNS propagates → your domain resolves to the ApexWeave server
2. ApexWeave detects the domain is now resolving to it
3. Let's Encrypt certificate issued automatically
4. Certificate installed and your site serves over HTTPS
5. Certificate auto-renews every 90 days

Verify SSL is working:

curl -I https://yourdomain.com
# HTTP/2 200
# server: nginx
# content-type: text/html

# Check certificate details
echo | openssl s_client -connect yourdomain.com:443 -servername yourdomain.com 2>/dev/null | openssl x509 -noout -dates
# notBefore=Apr 15 00:00:00 2025 GMT
# notAfter=Jul 14 00:00:00 2025 GMT

Step 5: Configure HTTP → HTTPS Redirect

Every HTTP request should redirect to HTTPS. This is handled automatically by ApexWeave's container configuration, but verify it works:

curl -I http://yourdomain.com
# HTTP/1.1 301 Moved Permanently
# Location: https://yourdomain.com/

If you're behind Cloudflare, also set:
- Cloudflare → SSL/TLS → Overview → Full (strict)
- Cloudflare → SSL/TLS → Edge Certificates → Always Use HTTPS: On

Step 6: Verify DNS Propagation

DNS changes take time to propagate globally. TTL controls how long resolvers cache the old value.

Check propagation:

# Check from your machine
dig yourdomain.com A +short
# Should return: your-server-ip

# Check HTTPS
curl -sI https://yourdomain.com | head -3

# Use a propagation checker
# dnschecker.org or whatsmydns.net — check from multiple global locations

Propagation typically completes within minutes for most regions (especially with a short TTL like 300s) but can take up to 48 hours for some resolvers to update.

Step 7: Update Your Application

After the domain is live, update environment variables if your app uses its own URL:

Node.js / general:

apexweave env:set yourapp.apexweaveapp.com APP_URL=https://yourdomain.com
apexweave env:set yourapp.apexweaveapp.com CORS_ORIGIN=https://yourdomain.com

Django:

apexweave env:set yourapp.apexweaveapp.com ALLOWED_HOSTS=yourdomain.com,www.yourdomain.com
apexweave env:set yourapp.apexweaveapp.com CSRF_TRUSTED_ORIGINS=https://yourdomain.com

Laravel:

apexweave env:set yourapp.apexweaveapp.com APP_URL=https://yourdomain.com

Next.js:

apexweave env:set yourapp.apexweaveapp.com NEXT_PUBLIC_APP_URL=https://yourdomain.com
apexweave env:set yourapp.apexweaveapp.com NEXTAUTH_URL=https://yourdomain.com  # If using NextAuth

After updating env vars, trigger a redeploy to apply changes:

git commit --allow-empty -m "Update domain env vars"
git push apexweave main

Common DNS and SSL Issues

"This site can't be reached" after changing DNS

Cause: DNS hasn't propagated yet, or there's a typo in the A record.

Debug:

# Check what IP your domain resolves to
dig yourdomain.com +short

# Should match your server IP — if it shows the wrong IP or nothing, DNS isn't propagated yet
# If it shows nothing: check your DNS records are saved correctly

# Force bypass local DNS cache (Mac)
dscacheutil -flushcache && killall -HUP mDNSResponder

SSL certificate not issuing

Cause: Domain isn't resolving to the server when certificate is requested, or CAA DNS record blocks Let's Encrypt.

Check:

# Verify domain resolves to your server
dig yourdomain.com +short
# Should match your ApexWeave server IP

# Check for CAA records that might block Let's Encrypt
dig yourdomain.com CAA
# If you see a CAA record, ensure it allows letsencrypt.org:
# 0 issue "letsencrypt.org"

If using Cloudflare (proxied), ensure the Cloudflare proxy is paused (grey cloud) during initial SSL provisioning if you're having trouble. Re-enable after the certificate issues.

ERR_TOO_MANY_REDIRECTS

Cause: HTTPS redirect loop — Cloudflare redirecting to HTTPS → server redirecting → Cloudflare again.

Fix: Cloudflare → SSL/TLS → set to Full or Full (strict), not Flexible.

With Flexible, Cloudflare communicates with your origin over HTTP. If your app also forces HTTPS, you get a loop. Full mode communicates over HTTPS end-to-end.

Certificate shows as "Your connection is not private"

Cause: SSL certificate is for the wrong domain, or certificate hasn't issued yet.

Check:

openssl s_client -connect yourdomain.com:443 -servername yourdomain.com 2>/dev/null | grep "subject="
# subject=CN=yourdomain.com  ← correct
# subject=CN=*.apexweaveapp.com  ← still on platform SSL, not your domain's cert

If the certificate is still for the platform domain, wait for provisioning to complete (usually under 5 minutes after DNS propagates).

Subdomains for Different Apps or Services

You can point multiple subdomains to different ApexWeave apps:

# Main site
apexweave domain:set main-site.apexweaveapp.com yourdomain.com

# API
apexweave domain:set api-service.apexweaveapp.com api.yourdomain.com

# Documentation
apexweave domain:set docs-site.apexweaveapp.com docs.yourdomain.com

# Admin panel
apexweave domain:set admin-panel.apexweaveapp.com admin.yourdomain.com

DNS records for each:
| Type | Name | Value |
|------|------|-------|
| A | @ | main-site server IP |
| A | api | api-service server IP |
| A | docs | docs-site server IP |
| A | admin | admin-panel server IP |

Each subdomain gets its own SSL certificate automatically.

Migrating a Live Domain (Minimising Downtime)

If you're moving an existing domain from one host to another, minimise downtime:

1. Reduce TTL before migration:
72 hours before migration: change your domain's TTL from 3600 to 300 seconds.
This means DNS change propagates in 5 minutes instead of 1 hour.

2. Set up on new hosting first:
Configure your site fully on ApexWeave (env vars, deployment, tested via platform subdomain).

3. Switch DNS:
Change the A record to point to ApexWeave's server IP.

4. Verify immediately:

# Force DNS check
curl -H "Host: yourdomain.com" http://your-apexweave-server-ip/

5. SSL issues automatically:
Within minutes of DNS propagating.

6. Restore TTL:
After 24 hours, change TTL back to 3600.

Total downtime with this approach: 0–5 minutes (only during TTL refresh window).

Set up your custom domain and auto-SSL at apexweave.com/git-deployment.php — apexweave domain:set configures your domain in one command, SSL provisions automatically.