SOP: Adding a Custom Domain for a Brand
This SOP covers the end-to-end process for setting up a custom domain for a brand on Trove. It involves two roles — the brand manager (the person managing the brand relationship) and the dev team (the engineer completing the technical steps).
Overview
When a brand wants their gifting portal on a custom domain (e.g. corporateorders.mybrand.com instead of the default Trove subdomain), two things need to happen:
- DNS validation - the brand adds CNAME records to their DNS so AWS can validate domain ownership and issue an SSL certificate
- ACM certificate update - a new SSL certificate is requested in AWS Certificate Manager (ACM) that covers all existing domains plus the new one, then attached to the CloudFront distribution
ACM certificates are immutable - domains cannot be added to an existing certificate. A new certificate must be requested every time a new domain is added.
Process Summary
| Step | Who |
|---|---|
| 1. Raise the request | Brand Manager |
| 2. Request new ACM certificate | Dev Team |
| 3. Retrieve CNAME records and update ClickUp | Dev Team |
| 4. Send DNS email to the brand | Brand Manager |
| 5. Notify dev once brand confirms DNS is added | Brand Manager |
| 6. Validate, attach certificate, verify, clean up | Dev Team |
Step 1 - Raise the Request
Role: Brand Manager
Before any technical work begins, create a ClickUp task to track the request.
Create the ClickUp task
- Title: Add custom domain - [domain name] for [brand name]
- Description: Brand name, the custom domain being added, and who requested it
- Assignee: Joshua Curci
- List: SSL Requests
Notify on Slack
Post a message in #trove-customers on Slack with a link to the ClickUp task:
Custom domain request for [Brand Name] - [domain]. ClickUp task: [link]
Steps 2 & 3 - Request Certificate and Retrieve CNAME Records
Role: Dev Team
Step 2 - Request a new ACM certificate
Region
For CloudFront, the certificate must always be in us-east-1 (N. Virginia). Make sure you are in the correct region before starting.
- Sign in to the AWS Console and open Certificate Manager (ACM)
- Switch to the us-east-1 region
- Open the currently active certificate and copy the full list of domains shown under Domains (the primary domain plus every SAN)
- Click Request certificate
- Select Request a public certificate → Next
- Under Fully qualified domain name:
  - Enter the primary domain first
  - Click Add another name to this certificate for every existing domain from the current certificate
  - Add the new brand domain at the end
- Set Allow export to Disable export
- Set Validation method to DNS validation - recommended
- Set Key algorithm to match the existing certificate (usually RSA 2048)
- Click Request
Domain limit
By default ACM certificates support up to 10 domains. The limit on this account has been increased to 50.
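A domain left off the new request loses TLS coverage as soon as the new certificate is attached to the distribution, so it is worth comparing the two certificates before Step 7. The check below is an added example, not part of Trove's tooling; the function names, the sample domains and the `OLD_ARN`/`NEW_ARN` variables are assumptions.

```shell
# Added example (not Trove tooling): catch a dropped domain before attaching the new cert.
SAN_LIMIT=50   # per-certificate domain limit stated on this page

# List every name on a certificate; ACM includes the primary domain in this list.
acm_sans() {   # $1 = certificate ARN
  aws acm describe-certificate --region us-east-1 --certificate-arn "$1" \
    --query 'Certificate.SubjectAlternativeNames[]' --output text | tr '\t' '\n'
}

# Print names from list $1 that are absent from list $2 (case and trailing dot ignored).
missing_from() {
  { printf '%s\n' "$2"; echo '--'; printf '%s\n' "$1"; } | awk '
    function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
    $0 == "--" { wanted = 1; next }
    $0 == ""   { next }
    !wanted    { have[norm($0)] = 1; next }
    !(norm($0) in have) { print norm($0) }'
}

# $1 = names on current cert, $2 = names on new cert, $3 = new brand domain.
# Prints one line per problem; returns non-zero if the new cert must not be attached.
check_new_cert() {
  rc=0
  dropped=$(missing_from "$1" "$2")
  absent=$(missing_from "$3" "$2")
  extra=$(missing_from "$2" "$(printf '%s\n%s' "$1" "$3")")
  count=$(printf '%s\n' "$2" | grep -c . || true)
  [ -z "$dropped" ] || { printf '%s\n' "$dropped" | sed 's/^/DROPPED: /'; rc=1; }
  [ -z "$absent" ]  || { echo "NEW DOMAIN MISSING: $absent"; rc=1; }
  [ -z "$extra" ]   || { printf '%s\n' "$extra" | sed 's/^/UNEXPECTED: /'; rc=1; }
  [ "$count" -le "$SAN_LIMIT" ] || { echo "OVER LIMIT: $count names"; rc=1; }
  return $rc
}

# Constructed sample data (not real Trove domains).
OLD_SANS='portal.example.com
gifts.brand-a.example
orders.brand-b.example'
BAD_NEW_SANS='portal.example.com
gifts.brand-a.example
corporateorders.mybrand.com'

check_new_cert "$OLD_SANS" "$BAD_NEW_SANS" corporateorders.mybrand.com \
  || echo "Do not attach: fix the request and re-issue."
# Real use: check_new_cert "$(acm_sans "$OLD_ARN")" "$(acm_sans "$NEW_ARN")" new.domain
```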
Step 3 - Retrieve the CNAME records
- Open the newly requested certificate - status will show Pending validation
- Under Domains, each entry shows a CNAME Name and CNAME Value
- For domains already validated previously, the same CNAME may appear - if that record still exists in DNS, validation will happen automatically
- For the new domain, copy its CNAME Name and CNAME Value
The brand needs two CNAME records in total:
| Record | Name / Host | Value / Points To |
|---|---|---|
| Record 1 (routing) | [their-custom-domain] | [their-trove-subdomain].mytrove.site |
| Record 2 (ACM validation) | _[acm-validation-token].[their-custom-domain] | _[acm-token].jkddzztszm.acm-validations.aws |
Record 1 points their domain to Trove's infrastructure. Record 2 is the ACM DNS validation record.
Notify the brand manager
Once you have both CNAME records:
- Add the full CNAME details to the ClickUp task description so the brand manager has everything they need to send the email
- Reply to the original #trove-customers Slack message to confirm the details have been added:
CNAME records are ready - details added to the ClickUp task. [Brand Manager name] to send the DNS email to the brand.
Step 4 - Send the DNS Email to the Brand
Role: Brand Manager
Once you receive the Slack notification that the CNAME details are in ClickUp, copy them from the task and send the following email to the brand's primary contact.
Subject: DNS setup required - [their-custom-domain]
Hi [NAME],
To finalise the setup of your new corporate gifting portal at [their-custom-domain], your DNS or website hosting provider (e.g. GoDaddy, Cloudflare, or whoever manages your domain) just needs to add two new CNAME records.
Please share the following details with them:
Record 1
Type: CNAME
Name / Host: [their-custom-domain].
Value / Points To: [their-trove-subdomain].mytrove.site.
TTL: 3600 (or leave default)
Record 2
Type: CNAME
Name / Host: _[acm-validation-token].[their-custom-domain].
Value / Points To: _[acm-token].jkddzztszm.acm-validations.aws.
TTL: 3600 (or leave default)
They should copy both the Name and Value exactly as shown (including underscores and trailing full stops).
DNS updates usually take effect within a few hours (sometimes up to 24 hours). Once added, please let me know so we can verify and complete the setup on our side.
I'm happy to be CC'd on the email to their team in case they have any questions directly.
[YOUR NAME]
Tip
Offer to be CC'd on the email the brand sends to their DNS provider - this avoids back-and-forth if there are any questions about the exact record format.
Step 5 - Notify Dev Once Brand Confirms DNS is Added
Role: Brand Manager
Once the brand confirms they have added the DNS records, reply to the #trove-customers Slack thread to let the dev team know they can proceed:
[Brand Name] has confirmed DNS records have been added - ready to complete the setup.
Steps 6-8 - Validate, Attach, Verify and Clean Up
Role: Dev Team
Step 6 - Wait for validation
- ACM polls DNS every few minutes
- Once the CNAME record is detected, the domain status changes to Success
- When all domains are validated, the overall certificate status becomes Issued
- This typically takes 5-30 minutes but can be longer depending on DNS propagation
Step 7 - Attach the new certificate to CloudFront
- Open the CloudFront console and find the distribution (E22F11EVW3T8MU)
- Go to General → Edit
- Under Custom SSL certificate, select the new certificate
- Under Alternate domain names (CNAMEs), add the new domain
- Save changes and wait for the distribution to deploy (status will change from In Progress to Deployed)
Step 8 - Verify
- Test the new domain over HTTPS in a browser or via: The certificate shown should be the new one with no errors.
- Test a few existing domains to confirm they still resolve correctly
- Check application logs for any TLS errors
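One way to script the certificate check in this step, as an added example rather than Trove's own procedure: fetch the certificate the distribution serves and confirm it covers the new domain and every existing one. The function names and sample domains are assumptions, and `openssl x509 -ext` requires OpenSSL 1.1.1 or later.

```shell
# Added example (not Trove tooling): confirm the served certificate covers each domain.

# Print the SAN extension of the leaf certificate served for a hostname (needs network).
served_sans() {   # $1 = hostname
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -ext subjectAltName
}

# Return 0 if hostname $1 is covered by the SAN text on stdin.
# A wildcard entry matches exactly one leftmost label, as TLS clients require.
san_covers() {
  tr ',' '\n' | sed -n -e 's/ *$//' -e 's/^ *DNS://p' | awk -v host="$1" '
    BEGIN { host = tolower(host); sub(/\.$/, "", host); rc = 1 }
    { name = tolower($0) }
    name == host { rc = 0 }
    substr(name, 1, 2) == "*." {
      dot = index(host, ".")
      if (dot > 0 && substr(host, dot + 1) == substr(name, 3)) rc = 0
    }
    END { exit rc }'
}

# Print every domain in list $1 that the SAN text in $2 does not cover.
uncovered() {
  printf '%s\n' "$1" | while IFS= read -r d; do
    if [ -z "$d" ]; then continue; fi
    printf '%s\n' "$2" | san_covers "$d" || echo "$d"
  done
}

# Constructed sample: SAN text in the format openssl prints, plus the expected domains.
SAMPLE_SAN_TEXT='X509v3 Subject Alternative Name:
    DNS:portal.example.com, DNS:*.brand-a.example, DNS:corporateorders.mybrand.com'
EXPECTED_DOMAINS='portal.example.com
gifts.brand-a.example
orders.brand-b.example
corporateorders.mybrand.com'

uncovered "$EXPECTED_DOMAINS" "$SAMPLE_SAN_TEXT"   # lists domains the cert misses
# Real use: uncovered "$EXPECTED_DOMAINS" "$(served_sans corporateorders.mybrand.com)"
```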
Step 9 - Clean Up
- Leave the old certificate in ACM for a few days as a rollback option
- Once you are confident nothing references the old certificate, delete it from ACM
- Mark the ClickUp task as done
- Reply in the #trove-customers Slack thread to confirm the domain is live so the brand manager can notify the brand