How do I automatically provision SSL certificates for a custom blog domain?
Point your A record to your server, flip Auto-SSL on in the dashboard, and Let's Encrypt handshake is handled automatically — including 30-day renewals.
To automatically provision an SSL certificate for your custom VeloCMS blog domain, simply point your domain's A record to your server's IP address and toggle the Auto-SSL feature inside your dashboard. The system handles the entire Let's Encrypt handshake behind the scenes, securing your site in seconds.
Why does my blog need an SSL certificate right away?
Nobody wants to see that glaring "Not Secure" warning when they land on your shiny new blog. Since VeloCMS is built as a blazing-fast, AI-first platform on Next.js and PocketBase, we baked enterprise-grade security right into the core. You don't have to wrestle with clunky third-party plugins just to get a padlock icon next to your URL. Think of an SSL certificate as a digital bouncer that encrypts the traffic between your readers and your content, making sure nobody can snoop on the connection. Search engines actually penalize sites without it, so having that certificate active from day one isn't just about peace of mind — it is absolutely crucial for getting your articles to rank.
What DNS records do I need to update first?
Before VeloCMS can grab that certificate for you, the broader internet needs to know where your domain actually lives. You'll need to hop into your domain registrar (whether that happens to be Namecheap, Cloudflare, or GoDaddy) and tweak your DNS settings. Just find your domain's primary A record and point it directly to your VeloCMS server's IPv4 address. Here is a specific pro tip to save you a massive headache: drop the TTL (Time to Live) setting down to the lowest possible number right before you change the IP. Doing this forces the global DNS servers to broadcast your new address almost instantly, rather than making you wait around for hours wondering why your site is still showing an error page. Give it a few minutes to propagate across the web.
How do I trigger the automated provisioning process?
Once your DNS records are actively pointing to your server, the rest is a total breeze. Head over to your VeloCMS dashboard and navigate to the domain settings area. You'll see a simple toggle labeled for automatic SSL provisioning. Flip that switch. Under the hood, our PocketBase backend reaches out to the certificate authority and handles all the messy validation handshakes for you. There is no need to mess around with command-line tools, generate private keys, or upload confusing text files to a hidden server directory. The platform just does its thing, grabbing the certificate and binding it to your Next.js frontend without breaking a sweat.
What happens when the certificate eventually expires?
You might be wondering if you'll have to set a calendar reminder to do this all over again in ninety days. Thankfully, you don't. The real beauty of leaving the bloated, expensive WordPress ecosystem behind is ditching that constant maintenance anxiety. VeloCMS runs a silent background job that keeps a watchful eye on your certificate's expiration date. When you hit the thirty-day mark before expiration, the system quietly negotiates a brand new certificate and swaps it out without dropping a single reader's connection. Your audience won't notice a thing, and your blog stays locked down tight.
Setting up a custom domain shouldn't require a computer science degree, and now it really doesn't. You get to focus entirely on writing great content with our AI tools while the platform keeps the bad guys out. If you ever run into a snag where the certificate isn't provisioning after an hour, just double-check your DNS propagation or reach out to our support crew. We've always got your back.