Custom domains and certificate management

Manage SSL/TLS certificates for your custom domains directly from the ReachFive Console. You can either use an automatically generated Let’s Encrypt certificate or upload your own custom certificate.

Overview

In the ReachFive Console, you can automate the management of certificates for your ReachFive project.

When you configure a custom domain, the system automatically requests and installs a certificate for you using Let’s Encrypt. If you prefer to use your own certificate, you can upload it through the console.

Prerequisites

  • You must have access to the Settings  Domain page in the ReachFive Console.

  • You must own and control the DNS for the custom domain you wish to configure.

  • You need the correct cluster identifier, which is automatically managed by the system.

Configure a custom domain

  1. Retrieve your domain information in the ReachFive Console under Settings  Domain.

    console domain

  2. Create the DNS entry on your side using the information you received from us.

    DNS entry

    test-custom-domain.domain.client IN CNAME <domain>

  3. Send us the custom domain name to complete the setup process. By default, a Let’s Encrypt certificate is generated via Automatic certificate management. If you prefer a custom certificate, see Custom certificates.

Automatic certificate management

When a new custom domain is saved, the ReachFive Console triggers an automated workflow:

  1. The certificate management service provisions an ingress resource on the cluster.

  2. A Let’s Encrypt certificate is generated and installed automatically.

  3. Renewals are handled automatically.

You don’t need to manually send certificate information or contact ReachFive support.

Automatic certificate management is not supported when your DNS is managed through a reverse-proxy service such as Akamai, Cloudflare, or Fastly.

In these cases, Let’s Encrypt cannot verify domain ownership because the proxy intercepts the verification requests.

You must therefore manage your SSL/TLS certificate and its renewal manually. See Custom certificates for details on how to upload your own certificate in the ReachFive Console.

Custom certificates

If you prefer to use your own SSL/TLS certificate instead of Let’s Encrypt:

  1. First, ensure a custom domain and an existing Let’s Encrypt certificate are already configured.

  2. In the ReachFive Console, go to Settings  Certificate Management.

    View from the ReachFive Console

    cert management

  3. Paste your PEM-formatted certificate.

    Example certificate

    -----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAw`BAgIJAO+7KsbZ2U8KMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
BAYTAkZSMRAwDgYDVQQIDAdQYXJpc2kxEDAOBgNVBAcMB1BhcmlzIENBMRMwEQYD
VQQKDApFeGFtcGxlIEx0ZDAeFw0yNTAxMDEwMDAwMDBaFw0yNjAxMDEwMDAwMDBa
MEUxCzAJBgNVBAYTAkZSMRAwDgYDVQQIDAdQYXJpc2kxEDAOBgNVBAcMB1Bhcmlz
IENBMRMwEQYDVQQKDApFeGFtcGxlIEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEA2v1EG9M7kMxP3ZZ8I5/1eV7FiYx3Vdphlf0hc6l1RhA+y8r8aQlS47cp
0gYvNhE4n7q1s9P7G0H1yH/NwqYiD9qQrwIhJ0V4fOHTyFXv+lLt1KZyLrZJp6hH
F1COq8nSja7e9pQOrPqXqV0TtUjZ7vTAgMBAAGjUDBOMB0GA1UdDgQWBBR9w5jh
8x3p4nUV9kT+S4G8kXfakeExampleEGDAWgBR9w5jh8x3p4nUV9kT+S4G8kXkvdD
AMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAGFWm2UpP8A6zB5E05mOqv
ok5u3fnOE8VpmvKZzlnm8JblKliRhVY/Us9O/8Jr1sDG8SnrM5gFfTMWBGj0xYhJ
x7FoV6sKXhdz+uO8WdksOkXVL4vLgMxhVZ1RPOy5RZmxpIXukj9BQOP9/jY08WcC
zkYOe1b1YFv1R7Rf2qL7
-----END CERTIFICATE-----

  4. Paste your PEM-formatted private key.

    Example private key

    -----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASC...
FakePrivateKeyExample1234567890abcdefgHIJKLMNOPQRST
uvwxyZ==
-----END PRIVATE KEY-----

  5. Paste any intermediate certificates (if applicable)

    Example intermediate certificate

    -----BEGIN CERTIFICATE-----
MIIDezDDAmOgAwIBAgIUFakeIntermediateCertABC123456789
MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAkZSMQ8wDQYDVQQI
DAZQYXJpczEQMA4GA1UEBwwHUGFyaXMxEDAOBgNVBAoMB1JlYWNo
Rml2ZTEPMA0GA1UEAwwGUm9vdENBMB4XDTI1MDEwMTAwMDAwMFoX
DTMwMDEwMTAwMDAwMFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgM
BlBhcmlzMRAwDgYDVQQHDAdQYXJpczEQMA4GA1UECgwHUmVhY2hG
aXZlMQ8wDQYDVQQDDAZSb290Q0EwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfakeIntermediateKeyExample123456
-----END CERTIFICATE-----

  6. Click Upload.

When you save:

  • The ReachFive Console sends a secure request to the certificate management service with your custom certificate data.

  • The certificate is installed on your cluster.

What information can I see about the certificate? 🤔

The Ip resolved from the custom domain lets you see that the custom domain DNS is configured correctly. In other words, the IP displayed corresponds to the IP of it ReachFive default domain (e.g clientName.reach5.net) )

The Current certificate lets you see information about the current existing certificate which you previously uploaded or created with LetsEncrypt.

cert management top

Updating a Custom Certificate

If you need to renew or replace a certificate:

  1. Update the private key, certificate, or intermediate fields.

  2. Don’t forget to Save your input..

The system compares your new values with the existing stored data (base64 format):

What happens? 🤔

  • If the certificate is identical, no action is taken.

  • If it differs, the new certificate is automatically installed.

Notes

  • Certificates are stored securely in base64 format for integrity comparison.

  • Each environment (e.g., staging and production) requires a separate certificate.

  • We recommend using the ReachFive PasteBin if you need to securely share certificate data with the ReachFive team.

R5 AI Assistant
The R5 AI assistant can make mistakes, verify answers.

Confirm Deletion