Inhank Cloud DocsCloud Docs

Custom domains

Serve your service on your own domain with automatic HTTPS.

Every service starts with a free default domain at *.inhank.app. For production, you'll typically want to use your own domain (e.g. app.example.com). Inhank Cloud lets you attach any number of custom domains to a service, with automatic HTTPS, free of charge.

HTTPS certificates are issued and auto-renewed via Let's Encrypt. Works with any DNS provider — Cloudflare, Route53, Google Domains, and others.

Add a custom domain
Open the Custom Domains tab on your service.

What you need

  • A domain you control (e.g. example.com or app.example.com).
  • Access to your DNS provider (Cloudflare, Route53, GoDaddy, etc.).
  • Your service already deployed and running on Inhank Cloud.

Adding a domain

Add the domain in the dashboard

  1. Open your service.
  2. Go to the Custom Domains tab.
  3. Click + Add domain.
  4. Enter the full hostname (app.example.com or example.com).
  5. Click Add.

Create the DNS records

The dashboard now shows two records you need to create at your DNS provider:

RecordTypeNameValue
RouteCNAME (subdomain) or A (apex)Your hostnameThe target shown in the dashboard
VerificationTXT_inhank-verify.<your-hostname>A unique token shown in the dashboard

The route record sends traffic to Inhank Cloud. The verification record proves you own the domain (a one-time check).

Wait for verification

Inhank Cloud checks every minute for the TXT record. You can also click Re-check now to skip the wait.

Most providers propagate in 5–30 minutes. Cloudflare and Route53 are typically under a minute.

Once verified, the domain status changes to Verified.

Wait for the HTTPS certificate

After verification, Inhank Cloud automatically requests an SSL certificate from Let's Encrypt. The dashboard shows certificate status:

  • Issuing — request in flight, usually 10–60 seconds
  • Active — installed, HTTPS is live

Test it

curl -I https://app.example.com
# Expected: HTTP/2 200 (or your app's response)

Open the URL in your browser. The padlock icon should be green, with no certificate warnings.

DNS record details

The exact value of the route record depends on whether you're adding a subdomain or an apex (root) domain.

For app.example.com, api.example.com, etc., use a CNAME:

Type:  CNAME
Name:  app                          (just the leftmost label)
Value: <target shown in dashboard>
TTL:   Auto (or 5 minutes)

Apex / root domain

CNAMEs aren't allowed at the apex of a zone. Use an A record:

Type:  A
Name:  @                            (or leave blank, depending on provider)
Value: <IP shown in dashboard>
TTL:   Auto

Verification (always required)

In addition to the route record:

Type:  TXT
Name:  _inhank-verify.app           (just the prefix + leftmost label)
Value: <token shown in dashboard>
TTL:   Auto

The token is unique per domain. Don't share or reuse it.

Using Cloudflare? Go DNS-only first

When you create the route record, set proxy mode to DNS only (grey cloud) until your domain shows Verified and the certificate is Active. After that, switch back to Proxied (orange cloud) if you want Cloudflare's CDN in front.

HTTPS behavior

Once a custom domain is verified, Inhank Cloud:

  • Issues a free SSL certificate via Let's Encrypt.
  • Renews certificates automatically before expiry. You never need to do anything.
  • Redirects HTTP → HTTPS with a 301 Permanent. There's no way to disable this; HTTPS-only is enforced.
  • Serves TLS 1.2 and 1.3 with modern cipher suites.

Wildcard certificates (*.example.com) are not supported in v1.

Multiple domains per service

You can attach as many custom domains as you want to a single service. All of them route to the same application. Useful for:

  • Apex + subdomain (example.com and www.example.com)
  • Multiple brand domains pointing at the same app
  • Redirecting old URLs to a new app while you migrate

Limits: up to 10 custom domains per service. Contact us if you need more.

Removing a domain

  1. Open your service → Custom Domains tab.
  2. Click the menu on the domain → Remove.
  3. Confirm.

Inhank Cloud stops accepting traffic for that hostname within ~30 seconds. Once removed, you can safely delete the DNS records at your provider.

The Let's Encrypt certificate is left in place; it harms nothing and lets you re-add the domain without re-issuing.

Troubleshooting

"Pending verification" never flips to "Verified"

Confirm the TXT record actually exists in public DNS:

dig +short TXT _inhank-verify.app.example.com
  • If dig returns nothing, the record hasn't propagated yet. Wait 5 minutes and retry, or check your DNS provider's UI to confirm the record was actually saved.
  • If dig returns a different value than the dashboard shows, you copy-pasted the wrong token. Re-copy and update.
  • If dig returns the value with surrounding quotes ("\"token\""), remove the inner quotes — your provider double-escaped them.

Some DNS providers want the leftmost label only (_inhank-verify.app), others want the full FQDN (_inhank-verify.app.example.com.). If one form fails, try the other.

"Certificate failed to issue"

Most common causes:

  • DNS doesn't point at Inhank Cloud yet. Let's Encrypt has to reach Inhank Cloud over HTTP to verify ownership. Confirm with:
    dig +short app.example.com
    The IP returned must match the value Inhank Cloud showed when you added the domain.
  • A CAA record forbids Let's Encrypt. Check with:
    dig +short CAA example.com
    If you see CAA records but none of them allow letsencrypt.org, add one: 0 issue "letsencrypt.org". Or remove the CAA records entirely.
  • Cloudflare proxy is on too early. Set the route record to DNS only (grey cloud) until the certificate is Active, then switch back if you want.

After fixing, click Re-issue certificate in the dashboard.

"Verified and Active but the URL still 404s"

The Ingress configuration is refreshed on every release. If you added the domain after your last deployment, click Redeploy to apply the new domain config.

If the URL still 404s after a redeploy, double-check that your service is actually running (one or more Live instances in Resource Usage).

"HTTPS works but HTTP returns 301"

This is by design. All HTTP traffic is permanently redirected to HTTPS. There's no way to disable this.

Best practices

  • Verify domains before flipping live traffic to them. Verification + certificate take a few minutes; you don't want users hitting a half-set-up domain in that window.
  • Add both apex and www. for any brand domain. Redirect one to the other in your application code, or via DNS-level forwarding at your provider.
  • Use a separate domain for staging (e.g. staging.example.com) so you can test changes safely.

On this page