Custom Domains & HTTPS Certificates
Every Publica.la store comes with a default subdomain like yourstore.app.publica.la. You can replace it with your own domain (for example, store.yourcompany.com) so your customers see your brand in the URL.
Key points:
- HTTPS certificates are automatic and free. You don't need to buy, install, or renew anything.
- Setup requires a single DNS change on your end (a CNAME record).
- We handle everything else: certificate issuance, renewal, and serving.
Setup Guide
1. Find Your Publica.la Subdomain
Your store has a unique subdomain assigned by Publica.la, something like:
yourstore.app.publica.la
You can find it in your store's Settings > Basic panel. Copy this value - you'll need it in the next step.
2. Create a CNAME Record
Go to your DNS provider (GoDaddy, Namecheap, Cloudflare, etc.) and create a CNAME record:
| Type | Name | Target / Value |
|---|---|---|
| CNAME | store | yourstore.app.publica.la |
This tells browsers that store.yourcompany.com should be handled by Publica.la.
Use a subdomain like store.yourcompany.com, books.yourcompany.com, or www.yourcompany.com rather than a naked/apex domain (yourcompany.com). CNAME records work reliably with subdomains but have technical limitations with apex domains.
3. Wait for DNS Propagation
DNS changes can take up to 48 hours to propagate worldwide, though most propagate within minutes. You can check propagation status using tools like DNS Checker or whatsmydns.net.
4. Save Your Domain in Publica.la
Once the CNAME record is in place, enter your custom domain in your store's Settings > Basic panel and save. Our system will validate the CNAME record and begin provisioning your HTTPS certificate automatically.
For a detailed walkthrough of the dashboard UI, see our Help Center article.
Important Rules
One Domain per Store
We configure one domain or subdomain per store. If you want both www.yourcompany.com and yourcompany.com to reach your store, set up one of them as a CNAME pointing to us and configure a redirect from the other on your side. This www-to-naked (or naked-to-www) redirect is your responsibility.
We recommend pointing the subdomain variant (e.g. www.yourcompany.com) to us and redirecting the naked domain to it.
A CNAME record between www and the naked domain is not a redirect. It only makes both domains resolve to the same server, but the browser URL stays the same. Since we only recognize the one domain you configured, the other variant will not work.
You need an actual HTTP redirect (301) from the unconfigured variant to the configured one. This requires a web server with a valid HTTPS certificate for the source domain. Most DNS providers offer this as a built-in feature:
- Cloudflare: Page Rules or Redirect Rules
- GoDaddy / Namecheap: Domain forwarding in your domain settings
- AWS Route 53: S3 redirect bucket + CloudFront
CNAME Only - No A Records
We only support CNAME records. A record setups are not supported, and we do not guarantee the stability of any IP addresses. Our infrastructure IPs can change at any time without notice. Using a CNAME ensures your domain automatically follows our infrastructure.
Cloudflare Users: Proxy Must Be Off
If you manage your DNS through Cloudflare, you must keep the proxy disabled (gray cloud icon / "DNS only" mode) for the CNAME record pointing to Publica.la. This is permanent - do not re-enable it.
The orange cloud (proxy enabled) intercepts the HTTP challenge our system uses to issue and renew your HTTPS certificate. With the proxy on, certificate operations will fail, causing SSL errors on your domain.
Troubleshooting
"Do I need to buy an SSL certificate?"
No. We automatically provision and renew HTTPS certificates at no cost. You do not need to purchase a certificate from GoDaddy, your hosting provider, or anyone else. If you already have one, it won't be used. Our system handles certificates independently.
"My domain shows an SSL error"
Check these in order:
- CNAME is correct: verify it points to your
*.app.publica.lasubdomain. - DNS has propagated: check with DNS Checker.
- Cloudflare proxy is off: if you use Cloudflare, confirm the record shows a gray cloud (DNS only).
- Wait: after DNS propagation, certificate issuance can take 30-60 minutes.
"Can I use a naked/apex domain?"
It's technically possible, but we recommend against it. CNAME records on apex domains are not universally supported by DNS providers (some offer workarounds like ALIAS or ANAME records, but these are non-standard). If you choose to use a naked domain, you're responsible for redirecting the other variant.
"Can I use an A record instead of CNAME?"
No. Our infrastructure uses dynamic IP addresses behind AWS Global Accelerator. These IPs can change without notice. We will not offer any guarantees about IP stability, and A record setups will break when IPs change.
"My domain was working but now shows SSL errors"
Certificates renew automatically. If renewal fails, the most common cause is Cloudflare proxy being re-enabled (orange cloud). Disable it and wait 30-60 minutes for the certificate to re-issue.
"I changed my domain and now it's not working"
When you change your custom domain, the previous certificate is invalidated and a new one needs to be issued for the new domain. This process is automatic but can take up to 30-60 minutes.
Technical Details
This section is intended for developers and technical staff who want to understand the underlying infrastructure.
Why CNAME Only
Our infrastructure uses dynamic IP addresses that can change without notice. A CNAME record to *.app.publica.la ensures your domain automatically follows our infrastructure regardless of IP changes.
Why Cloudflare Proxy Breaks Certificates
Our system uses HTTP-01 challenges to validate domain ownership with the certificate authority. This requires the CA to reach our servers directly via HTTP. When Cloudflare's proxy is enabled, it intercepts these requests and the challenge validation fails. This affects both initial issuance and renewal.
CNAME Validation
When you save a custom domain in the dashboard, we perform a real-time DNS lookup to verify that a CNAME record exists and points to your *.app.publica.la subdomain. If the CNAME is missing or points elsewhere, the save is rejected.