Skip to main content
Secure Domain Access - Configure your domain with SSL certificate and DNS routing to enable secure HTTPS access to Relvy.

Overview

This section guides you through configuring your domain for secure access to your self-hosted Relvy running on Kubernetes. The Kubernetes Ingress controller will automatically provision a load balancer when you deploy Relvy.

What We’ll Configure

  • SSL Certificate - Create and validate SSL certificate for HTTPS encryption (AWS ACM, Google-managed SSL, or cert-manager)
  • DNS Records - Configure CNAME records for domain routing and certificate validation
  • Domain Routing - Route domain traffic to the Kubernetes Ingress load balancer

Step 1: Create SSL Certificate

For AWS (ACM)

You can create an SSL certificate using either AWS Console or CLI. Step 1.1: Request Certificate 
# Request SSL certificate for your domain
aws acm request-certificate \
  --domain-name relvy.yourdomain.com \
  --validation-method DNS \
  --region us-east-1

# This will return a certificate ARN - save it!
Save the certificate ARN from the output: 
# Set the certificate ARN as an environment variable
CERTIFICATE_ARN=arn:aws:acm:us-east-1:xxxxx:certificate/xxxxx
Step 1.2: Get Validation Records 
# Get DNS validation records
aws acm describe-certificate \
  --certificate-arn $CERTIFICATE_ARN \
  --region us-east-1
This command will show the CNAME records you need to add to your DNS provider. Step 1.3: Verify Certificate Status 
# Check certificate status
aws acm describe-certificate \
  --certificate-arn $CERTIFICATE_ARN \
  --query 'Certificate.Status' \
  --output text \
  --region us-east-1

# Wait until the status shows: ISSUED

Option B: Using AWS Console

Navigate to AWS Certificate Manager → Request certificate Certificate Configuration:
FieldValue
Certificate typeRequest a public certificate
Domain namerelvy.yourdomain.com (or your chosen subdomain)
Validation methodDNS validation
Key algorithmRSA 2048
Domain Planning - Choose a subdomain that makes sense for your organization. Common patterns include relvy.company.com, app.company.com, or incidents.company.com.
Console Validation Steps: After creating the certificate, AWS will provide CNAME records for validation:
  1. Note the CNAME records - AWS will show you the exact CNAME name and value
  2. Copy both values - You’ll need these for DNS configuration
  3. Wait for validation - Don’t proceed until the certificate is issued
Example CNAME Record
Name: _abc123def456.yourdomain.com
Value: _abc123def456.abcdefghijk.acm-validations.aws.
Certificate ARN Format: arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012

For Google Cloud (GKE)

Google Cloud offers managed SSL certificates that are automatically provisioned: 
# Create managed certificate (will be referenced in Ingress)
gcloud compute ssl-certificates create relvy-ssl-cert \
  --domains=relvy.yourdomain.com \
  --global
The certificate will automatically provision once DNS is configured and the Ingress is created.

For Other Kubernetes (cert-manager)

For self-managed clusters or Azure, use cert-manager with Let’s Encrypt: 
# Install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml

# Create ClusterIssuer for Let's Encrypt
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: your-email@yourdomain.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx
EOF

Step 2: Configure DNS for Certificate Validation

In your Domain Management System (GoDaddy, Namecheap, Route53, etc.), add the certificate validation CNAME.

2.1 Certificate Validation CNAME (AWS ACM)

Add the CNAME record provided by AWS for certificate validation:
TypeNameValueTTL
CNAME<copied from AWS CNAME record><copied from AWS CNAME record>600
Domain Registrar Tips
GoDaddy: For relvy.yourcompany.com, use just the subdomain part as the name
Namecheap: Use the full CNAME name as shown
Route53: Create the record in your hosted zone (or use CLI above)

2.2 Wait for Certificate Validation

# Check certificate status (AWS)
aws acm describe-certificate \
  --certificate-arn arn:aws:acm:us-east-1:xxxxx:certificate/xxxxx \
  --query 'Certificate.Status' \
  --output text

# Should show: ISSUED
DNS Propagation - DNS changes can take 5-30 minutes to propagate. Wait for the certificate status to show “ISSUED” before proceeding.

Step 3: Save Certificate Information

You’ll need the SSL certificate information for the Helm deployment step:
  • AWS: Save the Certificate ARN (e.g., arn:aws:acm:us-east-1:xxxxx:certificate/xxxxx)
  • GCP: Save the certificate name created in Step 1
  • cert-manager: The certificate will be automatically provisioned during deployment

Step 4: Get Ingress Load Balancer Address (After Deployment)

After deploying Relvy with setup script provided you’ll need to configure your domain routing (covered in the next section).

Summary

At this point, you should have:
  1. SSL Certificate - Validated and issued (ACM, Google-managed, or cert-manager)
  2. Certificate ARN/Reference - Saved for Helm deployment configuration
  3. DNS Validation - CNAME record added for certificate validation
Important - You’ll add the domain routing CNAME after deploying Relvy, once the Ingress load balancer is created.

Next Steps

Your SSL certificate is ready! Proceed to:
  1. Setup Slack Integration (Optional) - Create Slack app in Slack Setup
  2. Deploy Relvy - Install Relvy using Helm charts in Application Deployment