Domain Masking

Using your own domain is probably to the main reason why a company goes for a White Label account. For technical and security reasons, this will require some setup in your DNS settings.

First choose a subdomain e.g. qr.mydomain.com under which your platform will be available to your users. Now create a CNAME entry for your chosen subdomain pointing to <YOUR_HASH_ID>.webapp-portal.com.

You will see the hash ID in your account in the branding section.

Depending on your provider you may need to create the subdomain before adding the CNAME entry. The following list explains how to create a CNAME record for different registrars:

• Google
  
• Cloudflare
• GoDaddy
• NameCheap
• Bluehost
• Hostgator
• Network Solutions
• DD24
  

Yes, the domain for the CNAME entry has changed from qr.webapp-portal.com to <YOUR_HASH_ID>.webapp-portal.com.

You will see the hash ID in your account in the branding section.

You can continue to use the old domain. We will inform you in good time if the domain changes are mandatory so that you have enough time to change it.

The background is not to route all white label customers over the same domain and to be flexible on our part to move certain customer segments to other servers if necessary.

Log into your white label account as admin user. Click on Branding in the main menu and go to the section Production Domain

Now enter your chosen subdomain in the input field Production Domain. If the CNAME record was set successfully your domain will be saved when you click on Set Production Domain. Please note that it may take up to 24 hours for your DNS settings to be globally propagated.

Since it takes some time until the CNAME entry is globally available on all name servers, you can check the propagation of your subdomain with whatsmydns.net. This website lets you instantly perform a DNS lookup to check your subdomain DNS record information against multiple nameservers located in different parts of the world. Another expert tool for checking your CNAME record is digwebinterface.com 

Once you type in your domain, e.g. qr.yourdomain.com, in the browser you should see the following screen. It means that your CNAME record is properly pointing to our servers.

Now that you have learned how to globally set a production domain for your white label platform you can do the same for individual users. To do so click on Users in the administrator menu. Now click on the pencil of the user you want to assign a custom subdomain.

Navigate to Production Domain in the user settings and enter the subdomain. If the CNAME is correctly propagated the domain will be saved when you click on Set Production Domain.

You can set a root domain for your Short URLs, e.g. myshortdomain.com. However, most internet providers will not let you create a CNAME record for your root domain.

If creating a CNAME entry for your root domain is not possible at your current registrar, please sign up for Cloudflare's Free Plan that allows you to add a CNAME entry to a root domain in a GDPR-compliant manner.

This process will not cause downtime and your domain will stay at your current registrar.

1. Sign up for Cloudflare's Free Plan
2. Go to Cloudflare | Websites and create a new site by clicking on Add new site
3. Enter your domain and click on Continue 
4. Choose the Free plan at the bottom and click on Continue
5. Cloudflare is trying to pull the DNS settings from your current registrar. Make sure all DNS settings show up and uncheck the Proxy status for all DNS entries (orange switch). If there are DNS settings missing you can re-create them in Cloudflare.
6. Replace your nameservers at your registrar with the one's of Cloudflare shown under Your assigned Cloudflare nameservers
7. Click Continue and Finish later in the Quick Start Guide
8. Go to Cloudflare | DNS
9. Delete the A-Record for the root domain first, if one exists by clicking on Edit next to the root domain and then on Delete
   
10. Click on Add Record and select CNAME as type
    
11. Enter the root sign @ under Name and as Target put <YOUR_HASH_ID>.webapp-portal.com
12. Leave the Proxy status off and now click on Save.

If you experience any connection problems because of SSL with the error code ERR_ECH_FALLBACK_CERTIFICATE_INVALID, turn the Proxy Server on.

Tip: to secure your Cloudflare account use Two-Factor Authentication under My Profile | Authentication

Caution: Your registrar must support changing the internal nameservers to the ones of Cloudflare. If you cannot change the nameserver please get in contact with your registrar. You can validate if your primary nameserver is pointing to a Cloudflare nameserver by checking the SOA-Record for your domain with the Dig Webinterface or in the console:

If you can see a string containing .cloudflare.com you are set.

After the DNS settings have been propagated you can choose your custom root domain in our branding section.

If you don't want to use free Cloudflare's plan you can use one of the following paid services.

• DNS Simple
• DNS Made Easy
• Easy DNS

If you are using Cloudflare please un-proxy your custom domain first. Otherwise, your CNAME record will not point to our servers. You can do this by going to your DNS-Settings and editing the subdomain. In the example below we use "test" as subdomain.

Once the subdomain expands click on the orange proxy icon. It will turn gray and the proxy will be disabled. Now you can set the custom domain in your branding section

Browsers typically display error messages when redirect loop errors occur, such as ERR_TOO_MANY_REDIRECTS. The typical cause of a redirect loop error is when Cloudflare SSL options are incompatible with your origin web server’s configuration.

• If currently set to Flexible, update to Full if you have an SSL certificate configured at your origin web server.
• (Not Recommended) If currently set to Full, update to Flexible.

Source: Cloudflare Support

Once you successfully setup your custom domain, we will add an SSL-certificate to your domain within the next 48 hours. Our SSL certificates are issued through letsencrypt and Google. Some registrars/hosting providers may require whitelisting Certificate Authorities to issue certificates for your domain. If your certificate is not active 24 hours after you sign up, you will need to create the following CAA records on your DNS entries:

• Type: CAA
• Flag: 0
• Tag: issue
• Value: letsencrypt.org

• Type: CAA
• Flag: 0
• Tag: issue
• Value: pki.goog

You can also use the online web interface digwebinterface.com or sslmate.com/caa to check if you have set a CAA-Record.

CAA entries are not mandatory but when we check for a CAA entry the DNS server managing your domain must return a result. However, CAA queries may timeout in some cases.

This happens when the authoritative name server never replies with an answer at all, even after multiple retries. Most commonly this occurs when your nameserver has a misconfigured firewall in front of it that drops DNS queries with unknown qtypes. Please file a support ticket with your DNS provider, share your case and ask them if they have such a firewall configured.

To upload the certificate, please log in to your account and open the Branding section. There you will find the link to upload your own SSL certificate under the Productive Domain. 

Click on the link Add custom SSL certificate to open the popup window and choose the certificate file and then the certificate private key file. Finally click on the Upload button and the certificate will be installed within few minutes.

We will contact you shortly before the certificate expires. You will receive an email 60 and 30 days before the certificate expires asking you to renew the certificate.