Custom Domain Certificates

Learn how to configure custom certificates for your domain on ClawCloud Run, including creating TLS Secrets and modifying Ingress configurations to secure application access.

Overview

ClawCloud Run integrates cert-manager for automated TLS certificate management. While the platform auto-generates and renews certificates when configuring domains via the Application Management dashboard, you can also use custom certificates for full control.

⚠️ Prerequisite: Ensure your custom domain is already configured before proceeding.


Step 1: Create a TLS Secret

  1. Open the Terminal in ClawCloud Run.

  2. Run the following commands to generate TLS files and create a Kubernetes Secret:

    # Create tls.crt (replace "xxxx" with your certificate content)  
    cat > tls.crt <<EOF
    -----BEGIN CERTIFICATE-----
    xxxx
    -----END CERTIFICATE-----
    EOF
    
    # Create tls.key (replace "xxxx" with your private key)  
    cat > tls.key <<EOF
    -----BEGIN RSA PRIVATE KEY-----
    xxxx
    -----END RSA PRIVATE KEY-----
    EOF
    
    # Create the TLS Secret  
    kubectl create secret tls <secret-name> --cert tls.crt --key tls.key
    
    # List Ingress resources to find the one associated with your app (its name is needed in Step 2)
    kubectl get ingress

Step 2: Update Ingress Configuration

Bind the custom certificate to your application’s Ingress:

    # Replace:
    # - "your-domain.com" with your domain
    # - "<ingress-name>" with your Ingress name
    # - "<secret-name>" with your Secret name
    kubectl patch ingress <ingress-name> -p '{"spec":{"tls":[{"hosts":["your-domain.com"],"secretName":"<secret-name>"}]}}'

Verification

Access your application via the custom domain. The padlock icon in the browser should confirm HTTPS is active.


Key Notes

  • 🔒 Security: Never commit certificate files (tls.crt/tls.key) to version control.

  • 🔄 Renewals: For custom certificates, manually renew and update the Secret before expiration.

  • ⚠️ Formatting: Ensure certificates and keys use correct PEM encoding.
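
The Formatting and Renewals notes above can be checked on tls.crt and tls.key before the Secret is created in Step 1. The script below is an added example, not part of ClawCloud Run or its documentation; the function name check_tls_pair and the 30-day default are assumptions, and it requires the openssl CLI in the terminal.

```shell
#!/bin/sh
# Added example (not ClawCloud Run tooling): pre-flight checks for the Step 1 files.
# check_tls_pair <cert.pem> <key.pem> <hostname> [min_days_valid]  (hypothetical name)
# Exit status: 0 ok, 1 bad certificate PEM, 2 bad key PEM, 3 cert/key mismatch,
#              4 hostname not covered, 5 expires within min_days_valid.
check_tls_pair() (
  # The body runs in a subshell, so "exit" ends only this function call.
  cert=$1; key=$2; host=$3; min_days=${4:-30}

  # Formatting: both files must parse as PEM.
  openssl x509 -in "$cert" -noout 2>/dev/null ||
    { echo "FAIL: $cert is not a PEM certificate" >&2; exit 1; }
  openssl pkey -in "$key" -noout 2>/dev/null ||
    { echo "FAIL: $key is not a PEM private key" >&2; exit 2; }

  # The certificate must carry the public half of this private key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
  key_pub=$(openssl pkey -in "$key" -pubout)
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "FAIL: $cert was not issued for $key" >&2; exit 3; }

  # The certificate must cover the host used in the Ingress tls.hosts entry.
  openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match" ||
    { echo "FAIL: $cert does not cover $host" >&2; exit 4; }

  # Renewals: reject a certificate that expires within min_days.
  openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null ||
    { echo "FAIL: $cert expires within $min_days days" >&2; exit 5; }

  echo "OK: $cert matches $key, covers $host, valid for more than $min_days days"
)

# Run directly, e.g.: sh check-tls.sh tls.crt tls.key your-domain.com
if [ "$#" -ge 3 ]; then check_tls_pair "$@"; fi
```

Running the same check on a schedule with a larger min_days_valid gives early warning that the Secret needs a renewed certificate.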

Example Workflow:

  1. Deploy an app with a custom domain app.yourbrand.com.

  2. Generate a Let’s Encrypt certificate locally.

  3. Create a Secret named prod-tls.

  4. Patch the Ingress to reference prod-tls.
