Subdomains, TLS certificates and a monolith setup

How are TLS certificates handled in the environment configuration for subdomains? Is there a preferred configuration? Wildcard certificate and CNAME entries perhaps?

In the past we did use wildcard certificates with CNAME entries; however, we have fully migrated to using Let's Encrypt. If this is on a machine already running CommCare, then Let's Encrypt tooling will already be installed, so you can use the Certbot ACME client for any custom sites.

commcare-cloud does not have support for configuring custom sites, so you would need to do it manually following the instructions in the Certbot documentation. Certbot does also support wildcard certificates if it's supported by your DNS provider.

