Custom Domain and SSL Setup for Your Deployed App: The Complete Flow

Once your app is deployed and running on a server or a managed platform, the next visible milestone is attaching your real domain and making sure it serves over HTTPS. This involves three distinct pieces — DNS, an SSL certificate, and routing configuration — and most first-time founders get tripped up because they conflate them.

DNS is the system that translates a domain name like yourapp.com into the IP address or hostname where your server lives. You manage DNS records in your domain registrar's control panel (GoDaddy, Namecheap, Google Domains, or wherever you bought the domain). The record types you need to know are A records (map a domain to an IPv4 address), CNAME records (map a domain to another hostname, like your load balancer's DNS name), and ALIAS or ANAME records (like CNAME but valid for the root domain, supported by some registrars and all Route53 setups).

For a root domain (yourapp.com, without www), you need either an A record pointing to your server's static IP address, or an ALIAS record if your platform gives you a hostname rather than an IP. For a subdomain like www.yourapp.com or api.yourapp.com, a CNAME pointing to your server's hostname is cleaner and survives IP changes.

If you are on AWS, the recommended path is to use Route 53 as your DNS provider and create an A record with an alias pointing to your CloudFront distribution or Application Load Balancer. Route 53 handles ALIAS records for AWS resources natively at no extra cost per query.

DNS changes take anywhere from a few minutes to 48 hours to propagate globally (the actual propagation is usually complete in 5 to 30 minutes but some ISPs cache aggressively). You can check propagation using a tool like dnschecker.org — verify that your domain resolves to the correct IP from multiple regions before assuming something is broken.

SSL certificates are what enable HTTPS. In 2025 and 2026, there is no reason to pay for an SSL certificate. Let's Encrypt issues free 90-day certificates that auto-renew, and it is supported by every major server (nginx, Apache, Caddy) and most platforms. On a Linux server, install certbot, run certbot --nginx (or --apache), and it automatically provisions a certificate for your domain and configures your web server to serve HTTPS traffic and redirect HTTP to HTTPS.

On AWS with CloudFront, you use AWS Certificate Manager (ACM), which also issues free certificates. You request a certificate for your domain, validate it via a DNS CNAME record that ACM gives you (add it to your DNS provider, wait for validation), and then attach the certificate to your CloudFront distribution or ALB. ACM certificates auto-renew as long as the validation DNS record stays in place.

The routing piece is what connects an incoming request for yourapp.com to the right application running on your server. If you run nginx, your server block listens on port 443 (HTTPS), uses the certificate certbot installed, and proxies requests to your application process on a local port like 3000 or 8080. If you are behind a CloudFront distribution, CloudFront handles the SSL termination and forwards requests to your origin (EC2, S3, or another service) over HTTP or HTTPS internally.

A common pitfall: your server might be running and healthy, but if a security group or firewall rule does not allow inbound traffic on port 443, your HTTPS requests will time out. On EC2, check your security group inbound rules and ensure port 443 is open to 0.0.0.0/0 (or to your CloudFront IP ranges if you want to restrict direct access).

Once this is set up correctly, you should see a padlock icon in the browser, your domain should resolve, and HTTP requests should redirect to HTTPS automatically. If any piece is missing, the most useful debugging tool is curl -v https://yourapp.com — it shows the SSL handshake, the certificate details, and the response, which narrows down exactly where the failure is.

For founders who want to skip all of this and just hand over the domain, the full DNS setup, certificate provisioning, and nginx configuration is part of what a production infrastructure setup service handles for you.