I'm currently in the process of putting together a SaaS offering that will give users a unique URL, e.g. app.com/username.
I want the ability to allow them to use their own custom domain. I obviously want to use SSL/HTTPS for this but also require as little work as possible on the user's part. Possibly only updating some DNS records such as a CNAME etc.
For the certificates I planned to use Let's Encrypt and, by the looks of things, I will need to use a separate server to issue the certificates and then use the REST API to send them to gcloud. However, one issue I will run into is that I won't be able to verify the custom domains of the other users. I could, in theory, create each user their own subdomain, e.g. username.app.com, for them to CNAME to, if this makes things easier? Or should I actually use A records and point them to my App Engine instance that way?
Is there a way to do this with App Engine? I'm not all up to date with containers etc. and App Engine is perfect for me in terms of the scaling factor without having to worry about infrastructure. But I'm wondering if I'm barking up the wrong tree in trying to achieve what I want.
I think I'll have to use DNS validation on the Let's Encrypt side as well, as HTTP validation won't work because I won't be able to create the required challenge files on the App Engine server for each domain either.
Otherwise my only other idea is having a single server responsible for creating the certs, which can template the virtual hosts, but even then I don't think the CNAME redirects will work for all the custom domains on App Engine as I won't be able to verify them.
I would love to know how things like App Engine and Firebase actually achieve this.
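What each of the two Let's Encrypt validation methods mentioned above requires a custom domain to publish, per the ACME specification (RFC 8555), as an added example that is not part of the original post. The token, account thumbprint, hostnames and the `ChallengeStore` helper are constructed for illustration.

```python
import base64
import hashlib

HTTP01_PREFIX = "/.well-known/acme-challenge/"

# Constructed sample values; a real token comes from the CA and the
# thumbprint is the RFC 7638 JWK thumbprint of the ACME account key.
TOKEN = "constructed-token-0001"
THUMBPRINT = "constructed-account-thumbprint"


def b64url(data):
    """Base64url without padding, as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def key_authorization(token, thumbprint):
    """Value the CA expects back: token, a dot, the account key thumbprint."""
    return token + "." + thumbprint


def dns01_record(domain, token, thumbprint):
    """Return (name, value) of the TXT record that satisfies dns-01."""
    digest = hashlib.sha256(key_authorization(token, thumbprint).encode("ascii")).digest()
    return "_acme-challenge." + domain.rstrip("."), b64url(digest)


class ChallengeStore:
    """Pending http-01 challenges, keyed by (hostname, token)."""

    def __init__(self):
        self._pending = {}

    def add(self, host, token, thumbprint):
        self._pending[(host.lower(), token)] = key_authorization(token, thumbprint)

    def respond(self, host_header, path):
        """Return (status, body) for a request on port 80."""
        if not path.startswith(HTTP01_PREFIX):
            return 404, ""
        token = path[len(HTTP01_PREFIX):]
        host = host_header.lower().split(":")[0]
        # Keying on the hostname keeps one tenant's challenge from being
        # answered on another tenant's domain.
        body = self._pending.get((host, token))
        return (200, body) if body is not None else (404, "")
```
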