Secure your Elvanto custom domain with SSL certification through our easy-to-follow guide. Learn two main methods to set up SSL: using flexible SSL with third-party DNS providers like Cloudflare or AWS CloudFront, or employing your own SSL certificate. Plus, discover the necessity of a Google API Key for integrating Google Maps and Recaptcha V2. Ideal for churches aiming to ensure secure and encrypted connections, this guide walks you through each step, from choosing a DNS provider to configuring SSL certificates, ensuring a safe online environment for your church management activities.
At Tithely we only allow secure connections to our application. This means an SSL Certificate is required for a custom domain name to work.
There are two ways to set up SSL with Elvanto on your custom domain:
- Use a flexible SSL (using a third-party DNS provider like Cloudflare or AWS CloudFront)
- Use your own SSL certificate (using a TLS Termination Proxy)
You will also need an API Key from Google for the following features:
- Google Maps and Geocoding
- Google Recaptcha V2
Here's a video you can watch that walks you through this process.
Caution
We cannot provide support for custom domains or 3rd party SSL certificates, please reach out to 3rd party (such as your domain provider) for support. Please ensure you have the ability to add an SSL Certificate to your domain prior to proceeding.
Using a Cloud Proxy Service (Cloudflare, Cloudfront or similar)
Setting up your CNAME record for your DNS Host
Depending on the DNS host you use, you may be able to add this record yourself, or you may need your host to add it for you. If you are not sure, get in touch with your hosting provider. Keep in mind that it is possible that your web host and your DNS host are different providers.
-
Go to your DNS provider’s website (e.g. Cloudflare or Namecheap). If you’re choosing one for the first time, go with one that supports SSL.
-
Create a CNAME (‘canonical name’) record for your custom domain.
-
Point it at the Elvanto host domain for your region.
The relevant host region for your domain would be as follows:
-
AU: cname.elvanto.com.au
-
US: cname.elvanto.net
-
EU: cname.elvanto.eu
It should mirror your account's existing URL that you've previously been using.
How to Create a Custom Cname Record With Cloudflare
These steps will vary, so check with your own DNS provider for support.
As an example, here’s how to set up a CNAME record with Cloudflare:
-
Set up Cloudflare as the resolver for your custom CNAME by changing your domain nameserver to Cloudflare.
-
Go to the ‘DNS’ section in Cloudflare and add a CNAME record for your custom domain.
-
Point it at the Elvanto host domain for your region, outlined above.
Configuring SSL Certificates
TSL, more commonly called SSL, is the most widely used way to secure the connection between your server and your browser. It ensures the connection between the server and browser is encrypted and safe and appears as HTTPS.
Here’s what an SSL-configured website (with HTTPS) typically looks like on the Chrome browser:
This is what it looks like if you’ve visited a website not secured by SSL (without HTTPS):
You should configure SSL for your custom domain to keep sensitive information encrypted. If you want to do this, make sure you’ve set up your CNAME with a DNS provider that supports SSL, like Cloudflare.
Important Notes and Considerations
DNS changes can sometimes take up to 72 hours to take effect but are typically much faster.
How to Configure SSL With Cloudflare
Simply go to the ‘Crypto’ section and change SSL to ‘Flexible’ or ‘Full’.
Don’t choose ‘Full (Strict)’ as this will result in an invalid SSL certificate. To force HTTPS to be used by default, you can scroll down the page and select “Always use HTTPS”. You can also configure HTTP Strict Transport Security (HSTS) which helps with this as well. These are our recommended settings for this:
-
Max-Age: 12 Months
-
Include subdomains: Off
-
Preload: Off
Once done, view the instructions on setting up the domain name in your account at the bottom of this page.
Important Note: If using Cloudflare, please make sure Rocket Loader is disabled either through a page rule just for this sub-domain, or for your account. Rocket Loader is known to cause issues with certain aspects of our site.
How to Configure SSL with AWS
Go to the ‘CloudFront’ page within your account and click on ‘Create Distribution'.
Click on the ‘Get Started’ button under the ‘Web’ heading.
On the ‘Create Distribution’ page:
-
Enter the Elvanto host domain for your region in the ‘Origin Domain Name’ field
-
Change ‘Origin Protocol Policy’ to ‘HTTPS Only’
-
Change ‘Viewer Protocol Policy’ to ‘Redirect HTTP to HTTPS’
-
Change ‘Allowed HTTP Methods’ to ‘GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE’
-
Change ‘Cache Based on Selected Request Headers’ to ‘All’
-
Change ‘Forward Cookies’ to ‘All’
-
Change ‘Query String Forwarding and Caching’ to ‘Forward all, cache based on all’
-
Add your custom domain to the ‘Alternate Domain Names (CNAMEs)’ text box
-
Choose the SSL Certificate you created for your custom domain under ‘SSL Certificate’
-
Click ‘Create Distribution’
CloudFront distribution will take some time to deploy. Once deployed go to ‘Route 53’ in your AWS account. Go to the ‘Hosted Zones’ area and click on the domain name that matches your custom domain.
Click the ‘Create Record Set’ button and then enter your custom domain into the ‘Name’ field. Keep the ‘Type’ set as an A record and then set ‘Alias’ to ‘Yes’. In the ‘Alias Target’, find your CloudFront distribution, click on it and then click ‘Create’.
Once done, view the instructions on setting up the domain name in your account at the bottom of this page.
Using Your Own SSL Certificate via Tls Termination With Apache or Nginx
If you're unable to use Cloudflare or AWS CloudFront, or if you wish to host your own security certificates, you can do so through a TLS termination proxy. You’ll need to edit the configuration file on your proxy web server.
If you are going to use this method, instead of adding the CNAME records mentioned above, you'll need to add DNS Records that point directly to the server you'll be hosting this on.
The following instructions will reference cname.elvanto.net as the proxy destination. Please ensure you use the correct hostname for your region.
-
AU: cname.elvanto.com.au
-
US: cname.elvanto.net
-
EU: cname.elvanto.eu
This does not go into your DNS records though, but rather into your webserver's setup, discussed below.
How to Configure SSL with Apache
The following example assumes you've already set up a server with Apache running. The following Apache config can be used to proxy your requests to our servers.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName chms.custom-domain.com # specify your custom domain here
SSLEngine on
SSLProxyVerify none
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLCertificateFile /path/to/your/fullchain.pem
SSLCertificateKeyFile /path/to/your/privatekey.pem
ProxyPreserveHost On
ProxyPass / https://cname.elvanto.net/ # Or cname.elvanto.com.au or cname.elvanto.eu
ProxyPassReverse / https://cname.elvanto.net/ # Or cname.elvanto.com.au or cname.elvanto.eu
</VirtualHost>
</IfModule>
Once done, view the instructions on setting up the domain name in your account at the bottom of this page.
How to Configure SSL with NGINX
The following assumes you've already set up an NXINX Webserver and the relevant DNS entries.
Once done, the following config can be used to proxy requests back to our servers.
resolver 8.8.8.8; # use own DNS server if you have one
server {
listen 443 ssl;
server_name chms.custom-domain.com; # replace this with your domain
ssl_certificate /path/to/your/fullchain.pem;
ssl_certificate_key /path/to/your/privatekey.pem;
location / {
# using "set" is important as IP addresses of Tithely ChMS servers
# changes dynamically. "set" enables nginx to follow dynamic IPs
set $tithelyChms "https://cname.elvanto.net:443"; # Or cname.elvanto.com.au or cname.elvanto.eu
proxy_set_header Host $host;
proxy_pass $tithelyChms;
}
}
There are many ways to set up your own SSL certificate - we recommend looking into services such as Let’s Encrypt as these are easy to install and free. However, we can’t guarantee that we can support every type of proxy setup. If you have specific needs, we can't support you in configuring them.
While most modern browsers support SNI, a few older ones don’t. If you’re supporting those browsers, you should use your own SSL certificate instead. Check with your DNS provider to see if this option is available.
Once done, view the instructions on setting up the domain name in your account at the bottom of this page.
Enter Your Custom Domain in Elvanto
Once your CNAME record has propagated, you can then set up your custom domain name. You’ll know it has propagated when you visit the domain name and you receive a ‘Custom Domain Ready’ message on the screen.
You can then go to Settings > Layouts within your account. Edit the Layout if you wish to add the custom domain.
Under the ‘Custom Domain’ heading, enter the URL you want to use (e.g. chms.example.com).
Important Note: For Google and Recaptcha API Keys go to Settings > Layouts > API Keys. The google API key needs to have calendar access in order to work properly.