Skip to main content

Domains & SSL

Connect your custom domains to Kuploy and secure them with automatic SSL certificates.

Default Domain

Every application automatically receives a Kuploy subdomain:

https://[app-name]-[random-id].kuploy.app

This domain is always available and includes automatic SSL.

Adding Custom Domains

  1. Navigate to your application
  2. Go to the Domains tab
  3. Click Add Domain
  4. Enter your domain (e.g., app.yourdomain.com)
  5. Click Add

DNS Configuration

After adding a domain, configure your DNS provider:

For subdomains like app.yourdomain.com or www.yourdomain.com:

TypeNameValue
CNAMEappcname.kuploy.app
# Example DNS record
app.yourdomain.com.  CNAME  cname.kuploy.app.
tip

CNAME records are recommended because they automatically handle IP address changes.

Root Domain (Apex)

For root domains like yourdomain.com:

TypeNameValue
A@76.76.21.21
# Example DNS record
yourdomain.com.  A  76.76.21.21
caution

Some DNS providers support CNAME flattening or ALIAS records for root domains. If available, use:

yourdomain.com.  ALIAS  cname.kuploy.app.

This is more reliable than A records.

www Redirect

To redirect www.yourdomain.com to yourdomain.com (or vice versa):

  1. Add both domains to your application
  2. Configure DNS for both: 
    yourdomain.com.      A      76.76.21.21
    www.yourdomain.com.  CNAME  cname.kuploy.app.
  3. In domain settings, set your preferred domain as primary
  4. Enable Redirect to Primary for the other domain

Automatic Let's Encrypt SSL

Kuploy automatically provisions free SSL certificates from Let's Encrypt:

  1. Automatic Provisioning - Certificates are issued within minutes of DNS verification
  2. Auto-Renewal - Certificates are renewed automatically before expiration
  3. No Configuration - Works out of the box with no setup required

SSL Status

Check your certificate status in the Domains tab:

StatusDescription
🟢 ActiveCertificate is valid and active
🟡 PendingWaiting for DNS verification
🔴 FailedCertificate provisioning failed

Troubleshooting SSL Issues

If your certificate isn't provisioning:

  1. Verify DNS propagation - Use dnschecker.org to confirm your records are live
  2. Wait for propagation - DNS changes can take up to 48 hours (usually minutes)
  3. Check CAA records - Ensure CAA records allow Let's Encrypt: 
    yourdomain.com.  CAA  0 issue "letsencrypt.org"
  4. Remove conflicting records - Ensure no conflicting A/AAAA/CNAME records exist

Custom SSL Certificates

For specific requirements (EV certificates, wildcard domains, etc.), upload your own certificate:

  1. Go to Domains → select your domain
  2. Click Custom Certificate
  3. Upload your files:
    • Certificate (.crt or .pem)
    • Private Key (.key)
    • CA Bundle (optional, for intermediate certificates)
  4. Click Save
# Required files
certificate.crt    # Your SSL certificate
private.key        # Private key (keep this secret!)
ca-bundle.crt      # Intermediate certificates (if applicable)
caution

Custom certificates are not auto-renewed. Set a reminder to update them before expiration.

Wildcard Domains

To use wildcard certificates (e.g., *.yourdomain.com):

  1. Upload a wildcard certificate as a custom certificate
  2. Add specific subdomains as needed
  3. They'll automatically use the wildcard certificate

Force HTTPS

All traffic is automatically redirected to HTTPS. This cannot be disabled for security reasons.

Kuploy adds the following security headers:

Strict-Transport-Security: max-age=31536000; includeSubDomains

Multiple Domains

You can add multiple domains to a single application:

app.yourdomain.com
www.yourdomain.com
yourdomain.com
app.anotherdomain.com

All domains serve the same application content.

Domain Verification

For certain TLD or domain registrars, additional verification may be required:

  1. Add a TXT record to verify ownership: 
    _kuploy-verify.yourdomain.com.  TXT  "verification-code-here"
  2. Wait for verification to complete
  3. The domain becomes active

Best Practices

  1. Use subdomains - CNAME records are more reliable than A records
  2. Set up www redirect - Ensure users can access both www and non-www
  3. Monitor expiration - For custom certificates, track renewal dates
  4. Use CAA records - Restrict which CAs can issue certificates for your domain
  5. Test thoroughly - Verify SSL works on all target browsers and devices

DNS Provider Guides

Quick links for common DNS providers:

  • Cloudflare: Disable proxy (orange cloud) for Kuploy domains
  • Namecheap: Use Advanced DNS settings
  • GoDaddy: Navigate to DNS Management
  • Route 53: Create records in your hosted zone
  • Google Domains: Access DNS settings in domain management