SSL Certs and Custom Domains (CNAME)

Hi everyone,

I’m seeking advice on improving the architecture of our domain management system. Here’s the current setup:

Our service allows users to connect their custom domains by creating CNAME records pointing to a subdomain on our platform. Currently, we handle SSL certificates by:

  1. Using Fly.io’s API to automatically generate certificates for each custom domain
  2. Managing these certificates within a single Fly application

The concern I have is that this approach tightly couples all user domains to a single Fly app. I’m looking for suggestions on:

  • How to make this architecture more resilient and loosely coupled
  • Alternative approaches to managing certificates for multiple user domains
  • Best practices for scaling this kind of multi-tenant domain setup

Has anyone implemented something similar, or does anyone have recommendations for a more robust approach?

Thanks in advance for any insights!