Custom Hostnames and TLS certificates

Overview

When integrated with VGS, by default, the traffic is passed via VGS proxy, which looks like either tntdcjppp6x.sandbox.verygoodproxy.com or tntdcjppp6x.live.verygoodproxy.com, where tntdcjppp6x is your vault identifier. Custom Hostnames allows making a Vault accessible at the non-VGS domain name (for example, www.customdomain.com). So any requests made through VGS will now reflect your domain alias.

Custom Hostnames are available for all customers. To add a CNAME, VGS will provision a TLS certificate. Each TLS certificate for Custom Hostname costs 40$ per month.

Custom Hostnames extend several benefits/functionality:

  • Branded visitor experience. Your site visitors will seamlessly transition between VGS and Client without recognizing that the content exists on two separate domains.

  • Automated provisioning and management of the entire TLS certificate lifecycle by VGS.

  • Ability to configure multiple inbound routes.

Terms

CNAME: a canonical name, an entry within the Domain Name System (DNS) that specifies where someone can find your web pages.

Default hostname: VGS term for the default domain with the form {{environment}}.verygoodsecurity.com

Domain alias: term for additional custom domains assigned to a site.

DNS provider: a company that maintains the DNS servers that translate a domain name to a destination.

TLS certificate: TLS stands for Transport Layer Security, together with the now-deprecated predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network.

Add a Custom Hostname

Add a new CNAME and a TLS certificate will be issued for it by VGS.

Dedicated TLS certificates are automatically generated and propagated through our global content delivery network, providing robust encryption, along with lightning-fast performance and compatibility.

Add a custom Hostname on the dashboard:

  1. Log in to the VGS dashboard.

  2. Go to the Vault Settings > Custom Hostnames

  3. Click Add

  4. Enter the domain alias (CNAME domain). For example payments.customdomain.com

  5. Click Save

The validation and deployment process completes in ~90 seconds. After adding the Custom Hostname, view the provisioning status under the Status column in the CNAMEs section. The provisioning takes up to 30 minutes. VGS defaults to auto-renewal of the TLS certificate.

If the provisioning was successful - you will see "Activate for SDKs" button. Verifying allows you to use this CNAME with VGS Collect/Show/Checkout products.

If the hostname is invalid:

  • Visit your DNS provider

  • Add a CNAME record for mydomain pointing to either <vault_id>.sandbox.verygoodproxy.com or <vault_id>.live.verygoodproxy.com

If you’ve already done this, allow up to 24 hours for the changes to propagate. Once issued, certificates are valid for 90 days, and renew automatically 21 days before expiration. Renewals require no action from your side.

Add a Custom Hostname to inbound route

To assign a custom hostname to an inbound route:

  1. Go to Routes › click Manage

  2. Click on the + icon in the Custom Hostnames section

  3. Select a custom hostname from the list or add a new CNAME

  4. Save the route

The Default CNAME is the VGS hostname used by your service/s. The default CNAME can be used only once. To change it, choose one of the CNAMEs from the list and then remove the default one.

Removing a CNAME

  1. Go to the Vault Settings > Custom Hostnames

  2. Press the ‘delete’ icon next to the custom hostname that needs to be removed.

CNAMEs Errors

In case your CNAME becomes invalid. If, for instance, the CNAME value points to the incorrect domain, the status field on the Custom Hostnames tab changes from ‘Valid’ to ‘Invalid’.

PreviousMutual TLS CertificatesNextIAM

Last updated