Custom domains
Partial — customer-managed TLS for external domains
Apply your own domain names to BreachFix Cloud web services and static sites. Your service keeps its default {serviceId}.breachfix.com URL in addition to any custom domains you add.
Overview
- Default service URLs use platform TLS (Cloudflare Universal SSL on
*.breachfix.com). - Custom external domains use customer-managed TLS at your DNS provider in v1.
- Routing activates after DNS verification — no redeploy required.
1. Add your domain in the dashboard
- Open your service → Settings → Custom domains.
- Enter your domain (e.g.
app.example.com) and click Add domain.
Unicode domains must be Punycode-encoded first (e.g. ëxample.com → xn--xample-ova.com).
2. Configure DNS
Remove AAAA records while configuring DNS to avoid IPv6 routing issues.
- Subdomains: CNAME to your service default host (e.g.
srv-abc123.breachfix.com) - Apex: ANAME, ALIAS, or CNAME flattening where supported
Provider guides:
3. Verify
- Click Verify in Settings → Custom domains.
- Use
dig CNAME your.domain +shortif verification fails — DNS may still be propagating.
TLS for custom domains
Configure TLS at your DNS provider. Cloudflare: SSL mode Full (not Full Strict) when proxying. See TLS certificates.
Advanced
OAuth: register callback URLs for each custom domain. Wildcards: add individual subdomains in v1 — wildcard custom domains are not fully supported.