Custom Domains
This documentation applies only to instances deployed on Alokai@Edge.
Custom domains allow you to expose your Storefront through your own domain and configure TLS using either an Alokai-managed certificate or a self-managed certificate.
General behavior
- The Default domain is enabled by default.
- The Default domain can be disabled only if at least one Custom Domain is added.
- Custom domains are not enabled or disabled individually — they are added or removed.
- Each domain must be associated with a certificate.
Choose certificate type
Before adding a domain, decide who manages the certificate.
Use Managed by Alokai if:
- You want automatic certificate issuance and renewal.
- You do not want to upload or rotate certificates manually.
- You prefer DNS-based ownership verification.
This option requires domain ownership verification and DNS configuration before activation.
Use Self-managed certificate if:
- You already manage certificates externally.
- You require a specific CA or certificate policy.
- You use wildcard or multi-domain certificates centrally.
This option requires a valid certificate uploaded at the organization level.
Managed by Alokai
Alokai provisions and manages the TLS certificate.
After adding the domain, ownership must be verified via DNS before the certificate can be issued.
The verification process consists of two steps:
- Verify domain ownership using ACME DNS challenge.
- Configure HTTP validation routing using either:
  - ACME HTTP challenge / CNAME record (recommended)
  - ACME HTTP challenge / A records (IPv4)
Step 1 — ACME DNS challenge
Purpose
This step verifies domain ownership before certificate issuance.
Configuration
Create a CNAME record for _acme-challenge.<domain> pointing to the validation host provided by the Alokai Console.
Additional information
- This verification is performed via DNS only.
- It does not require the domain to resolve to Alokai@Edge.
- DNS propagation must complete before validation can succeed.
Step 2 — Configure HTTP challenge routing
After ownership is verified, configure how the domain routes traffic to Alokai@Edge.
Two configuration options are available.
ACME HTTP challenge / CNAME record (recommended)
When to use
- Your DNS provider supports CNAME records.
- You want the simplest and most common configuration.
- You are using standard Alokai@Edge routing.
Configuration
Configure the domain as a CNAME pointing to the Fastly hostname provided by the Alokai Console.
Additional information
- Validation occurs over HTTP.
- The domain must resolve correctly to Alokai@Edge.
- This is the recommended configuration for most environments.
- DNS propagation must complete before validation can succeed.
ACME HTTP challenge / A records (IPv4)
When to use
- Your DNS provider does not allow CNAME records.
- You are required to use A records.
- You need direct IPv4 mapping.
Configuration
Create A records pointing to the IPv4 addresses provided by the Alokai Console.
Additional information
- AAAA (IPv6) records are not supported with this method.
- Validation occurs over HTTP.
- DNS propagation must complete before validation can succeed.
Self-managed certificate
You provide and manage your own TLS certificate.
Requirements
- The certificate must already be uploaded on the Certificates page (organization level).
- The certificate must be valid and not expired.
During domain assignment, the system validates the domain against the certificate’s SAN list. Only exact matches or valid wildcard coverage are accepted. If validation fails, the domain cannot be added.
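A pre-flight check you can run before assigning a domain, as an added example (not Alokai's code and not a description of how the platform validates internally). It assumes standard wildcard semantics, where `*` must be the whole leftmost label and stands for exactly one label; the function names, sample SAN list and dates are constructed for illustration.

```python
from datetime import datetime, timezone


def _normalize(name: str) -> str:
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.strip().rstrip(".").lower()


def san_covers(domain: str, san: str) -> bool:
    """Return True if a single SAN dNSName entry covers a concrete hostname."""
    domain, san = _normalize(domain), _normalize(san)
    if not domain or not san or "*" in domain:
        return False
    if "*" not in san:
        return domain == san  # exact match
    # Assumed rule: the wildcard must be the entire leftmost label ("*.x.y").
    if not san.startswith("*.") or "*" in san[2:]:
        return False
    head, sep, tail = domain.partition(".")
    # One label only: "*.x.y" covers "a.x.y", not "x.y" and not "a.b.x.y".
    return bool(head) and sep == "." and tail == san[2:]


def preflight(domain, san_list, not_after, now=None):
    """Return (ok, reason) for the two requirements: not expired, SAN coverage."""
    now = now or datetime.now(timezone.utc)
    if not_after <= now:
        return False, "certificate expired"
    matches = [s for s in san_list if san_covers(domain, s)]
    if not matches:
        return False, "domain not covered by SAN list"
    return True, f"covered by {matches[0]}"


# Constructed sample data, not taken from a real certificate.
SAMPLE_SANS = ["example.com", "*.shop.example.com"]
SAMPLE_NOT_AFTER = datetime(2030, 1, 1, tzinfo=timezone.utc)
FIXED_NOW = datetime(2026, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for host in ("example.com", "eu.shop.example.com", "shop.example.com",
                 "a.eu.shop.example.com", "www.example.com"):
        print(host, preflight(host, SAMPLE_SANS, SAMPLE_NOT_AFTER, FIXED_NOW))
```

The SAN list of a PEM certificate can be read with `openssl x509 -in cert.pem -noout -ext subjectAltName` (OpenSSL 1.1.1 or later; `cert.pem` is a placeholder path).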
Additional information
- No ACME verification is required.
- The certificate assigned to a domain can be changed later.