Custom domains and certificate management

Manage SSL/TLS certificates for your custom domains directly from the ReachFive Console. You can either use an automatically generated Let’s Encrypt certificate or upload your own custom certificate.

Overview

In the ReachFive Console, you can automate the management of certificates for your ReachFive project.

When you configure a custom domain, the system automatically requests and installs a certificate for you using Let’s Encrypt. If you prefer to use your own certificate, you can upload it through the console.

Prerequisites

  • You must have access to the Settings  Domain page in the ReachFive Console.

  • You must own and control the DNS for the custom domain you wish to configure.

  • You need the correct cluster identifier, which is automatically managed by the system.

Configure a custom domain

  1. Retrieve your domain information in the ReachFive Console under Settings  Domain.

    console domain

  2. Create the DNS entry on your side using the information you received from us.

    DNS entry

    test-custom-domain.domain.client IN CNAME <domain>

  3. Send us the custom domain name to complete the setup process. By default, a Let’s Encrypt certificate is generated via Automatic certificate management. If you prefer a custom certificate, see Custom certificates.

Automatic certificate management

When a new custom domain is saved, the ReachFive Console triggers an automated workflow:

  1. The certificate management service provisions an ingress resource on the cluster.

  2. A Let’s Encrypt certificate is generated and installed automatically.

  3. Renewals are handled automatically.

You don’t need to manually send certificate information or contact ReachFive support.

Custom certificates

If you prefer to use your own SSL/TLS certificate instead of Let’s Encrypt:

  1. First, ensure a custom domain and an existing Let’s Encrypt certificate are already configured.

  2. In the ReachFive Console, go to Settings  Certificate Management.

    View from the ReachFive Console

    cert management

  3. Paste your PEM-formatted certificate.

    Example certificate

    -----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAO+7KsbZ2U8KMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
BAYTAkZSMRAwDgYDVQQIDAdQYXJpc2kxEDAOBgNVBAcMB1BhcmlzIENBMRMwEQYD
VQQKDApFeGFtcGxlIEx0ZDAeFw0yNTAxMDEwMDAwMDBaFw0yNjAxMDEwMDAwMDBa
MEUxCzAJBgNVBAYTAkZSMRAwDgYDVQQIDAdQYXJpc2kxEDAOBgNVBAcMB1Bhcmlz
IENBMRMwEQYDVQQKDApFeGFtcGxlIEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEA2v1EG9M7kMxP3ZZ8I5/1eV7FiYx3Vdphlf0hc6l1RhA+y8r8aQlS47cp
0gYvNhE4n7q1s9P7G0H1yH/NwqYiD9qQrwIhJ0V4fOHTyFXv+lLt1KZyLrZJp6hH
F1COq8nSja7e9pQOrPqXqV0TtUjZ7vTAgMBAAGjUDBOMB0GA1UdDgQWBBR9w5jh
8x3p4nUV9kT+S4G8kXkvdDAfBgNVHSMEGDAWgBR9w5jh8x3p4nUV9kT+S4G8kXkvdD
AMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAGFWm2UpP8A6zB5E05mOqv
ok5u3fnOE8VpmvKZzlnm8JblKliRhVY/Us9O/8Jr1sDG8SnrM5gFfTMWBGj0xYhJ
x7FoV6sKXhdz+uO8WdksOkXVL4vLgMxhVZ1RPOy5RZmxpIXukj9BQOP9/jY08WcC
zkYOe1b1YFv1R7Rf2qL7
-----END CERTIFICATE-----

  4. Paste your PEM-formatted private key.

    Example private key

    -----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA2v1EG9M7kMxP3ZZ8I5/1eV7FiYx3Vdphlf0hc6l1RhA+y8r8
aQlS47cp0gYvNhE4n7q1s9P7G0H1yH/NwqYiD9qQrwIhJ0V4fOHTyFXv+lLt1KZy
LrZJp6hHF1COq8nSja7e9pQOrPqXqV0TtUjZ7vTAgMBAAECggEBAJr+5L3bZ/oy
5WlDZ+5BrDe7xqItwE4Kx4K2o59o6iJgqKzLJ6x9Pb3td/0W9XjRZyfj9QJYd0dW
9nHh72cWy7pJfWbXQkE7E5rI1dtKnYH+JIGZ5mxzBqmvC2rcJ9ZVR+WPo8A8Lp4q
7BYnD5nRTFzTpj6UE9kGq4qPV6b+OtM+1PwI3sUuK+jEGq+khx8TKnpccN1Ck6Rp
iyCtFZMzN26UZSm8Y2R8fCcpkpU3RhjeoKxHLLk4Nrc5qycj3lL9oyZbDofZ6l5U
8OiMbFY8TK+qNjR1I0kbLNEaR3FBAzK/XuUgj+ug4J9ME79lbmRQ7Fz07eqKkZPp
wOeL8iECgYEA5MDFx0g3xL8s27dfCNh4bP3f9MJcR9l6mUqJ6PPCnJlbw4X6UTPx
qOgu1x5Uf3fxy9UfABdRcQ3XWCCwcyzDMR7D0x8sKkgQacKHezHCpOHK5AQip0KJ
1Yg1B4sZbqWxxwZ7dAfv1kKHCE7NrbHRUoVx0l7A1X/Zr8N2HzpT0l0CgYEA7zSz
L8Q3z5K0RCbEwD1x9N5n6G4aZx5Eq+DSuFMBvTGad+ig0lH5LM4Q2YpYtTqXzqT+
cRka0w9ZxXjV+2gWCEW8j7n4J3vv4Ncq8MZYVSkjZ+e0i9Kvx92oWxE6+0k1ZjQS
hrzvFMzZoPZdb6pTGn2IoWwIVtqI6GzTYrX1MCsCgYEAyJ7EozJ6X/1u+63S3wQS
dTPY4pR2r91zO7tM6sCN1/l1KCCV1dLpHDK8uIq3SMzptpV9bnf1yrZkNE/kC4e+
QsdqPrb7g7UhmSRZ6N8t7wHiyk8HnT/j9hT6QBW1eKtJ8rGzL2n8qzG5Kn8GvbiF
p6zn1W2uZt8sIF0mvlK4tFUCgYEA0uzrXBgsmn27t85+myPpSu2bV7x8bYb52zMz
7ySYJzEJbKuH6LK7yIbKjh3I5f0UfTll3BOA0xKx3fWq6xAY1cS1qKu2HZ7tQFqT
p3zMZkvLgLrXEU1XfDczWsl1MrrjBsv9VRwJ5iA2pb4Y1qJqHTGhLZbUJ8l2YKo3
RLRX2CECgYEA4Sr8UO+HzffIfbQUPFZZrZ2ZbnRbzO0nhQpyEKR9Uu43f4yocVzt
iXgAVWTe2xQe9p6sNnZpuD3jSWYXZ8anGzMPJr1rPtzcDvnT9f6QZFn6K5x/gsHf
ovEwIYET/W7s3GndZojAs/gM0lFD7KpRn9AVeF5cSw9oNf+3BBh2ukA=
-----END RSA PRIVATE KEY-----

  5. Paste any intermediate certificates (if applicable)

  6. Click Upload.

When you save:

  • The ReachFive Console sends a secure request to the certificate management service with your custom certificate data.

  • The certificate is installed on your cluster.

What information can I see about the certificate? 🤔

The Ip resolved from the custom domain lets you see that the custom domain DNS is configured correctly. In other words, the IP displayed corresponds to the IP of it ReachFive default domain (e.g clientName.reach5.net) )

The Current certificate lets you see information about the current existing certificate which you previously uploaded or created with LetsEncrypt.

cert management top

Updating a Custom Certificate

If you need to renew or replace a certificate:

  1. Update the private key, certificate, or intermediate fields.

  2. Don’t forget to Save your input..

The system compares your new values with the existing stored data (base64 format):

What happens? 🤔

  • If the certificate is identical, no action is taken.

  • If it differs, the new certificate is automatically installed.

Notes

  • Certificates are stored securely in base64 format for integrity comparison.

  • Each environment (e.g., staging and production) requires a separate certificate.

  • We recommend using the ReachFive PasteBin if you need to securely share certificate data with the ReachFive team.