Enabling HTTPS for systems with custom domain names

Getting there

To manage the domain names of your LibApps sites, go to Admin > Domains and Certificates.

Navigating to the Domains and Certificates page


How do I know if a site has a custom domain name?

The domain names of LibGuides, LibAnswers, and LibCal sites can be customized. If your own site's domain name does not end with any of the following, then you have a custom domain name:

  • libguides.com
  • campusguides.com
  • libanswers.com
  • libcal.com

Because custom domain names are not covered by Springshare's own security certificates, you will need to obtain and upload your own in order to enable HTTPS. You'll need to work with your IT staff to complete the following steps on this page.


Step 1. Modifying the endpoint for your CNAME records

As you prepare to add HTTPS support for your custom domain name, the first thing you'll need to do is modify the endpoint for your site's CNAME records. This will ensure that your domain name is pointing to the correct server for managing secure traffic. Ask your IT staff to follow the steps below to set this up.

  1. Ask your IT staff to create or modify CNAME records for your domain name, pointing them to the appropriate product's server.
    • These should be added for both your internal and external nameservers.
    • See the table below for a complete list of server addresses by product and region.
  2. Test out your domain name using our DNS Mapping Tool.
    • If you get a success message, then you're ready to proceed to the next step. (Note: you may need to allow a little time for the changes to propagate across the internet before they will be detected by the mapping tool.)
    • If you do not get a success message, then double check that the CNAME records are pointing to the correct server and try again. Also, confirm that a CNAME record was properly configured on your external name server.
Product Canada Europe Everyone Else
LibAnswers region-ca.libanswers.com region-eu.libanswers.com region-us.libanswers.com
LibCal region-ca.libcal.com region-eu.libcal.com region-us.libcal.com
LibGuides region-ca.libguides.com region-eu.libguides.com region-us.libguides.com

My IT department says we have to use an A record. What do I do now?

We strongly advise customers to use CNAME records because it provides your site with a lot of performance advantages compared to an A record. That's because an A record locks you into a specific server, whereas a CNAME record will allow your site to switch to different servers as conditions change. That's all thanks to the nifty features built into our cloud hosting infrastructure. :)

For example, if a server's load becomes really high or happens to go down for some reason, sites using CNAME records will seamlessly switch to a different one without any impact on your users. If you were using an A record, however, you would be stuck on that one server for better or worse.

That said, we understand that sometimes you may not have a choice but to go with an A record. If that's the case, please contact Springy Support and we can help you get this set up.


Step 2. Installing your certificate

Once you've updated your CNAME records, the next step is to obtain and upload a security certificate for your site. There are two options for doing this:

Before uploading your certificate, please note the following

  • You will need a certificate for NGINX on CentOS in the x509 format​.
  • LibApps does support wildcard and SAN certificates. Please see the instructions below for uploading certificate files.
  • If you have intermediate CA certificates, you can chain them into a single CRT, then upload that to LibApps. The certificate for your domain is located at the top of the CRT file, followed by one or more intermediate certificates. If your CA provides multiple intermediate certificates, they should tell you the proper order to include them inside the single "combined" certificate.
  • If your certificate is issued by InCommon, please see the section below for important information.
  • If your certificate is issued by DigiCert, check out their blog post on how to find your private key.
  • We do not support KEY files protected by a passphrase, or .pfx files.

Using your site's default certificate from Let's Encrypt

We are pleased to announce free support for Let’s Encrypt SSL certificates. Similar to the certificates that we manage for Springy domains (e.g., libguides.com), these short-term certificates for your LibGuides, LibAnswers, and/or LibCal domains will be installed and renewed by us at no cost or bother to you. Simply change your site’s domain to your desired custom domain, and we’ll do the rest!

  • Please allow one business day for our automated process to obtain, install, and activate your Let's Encrypt certificate.
  • Let's Encrypt certificates will also cover the www. version of your custom domain name.
  • Springshare will automatically take care of renewing your Let's Encrypt certificates, so you don't need to lift a finger. 

Already have a custom domain? No problem! If you prefer to upload your own SSL certificate, you can still do that. Sites that have already uploaded their own certificates will not be changed.


If you need to obtain a new certificate 

To enable HTTPS for a site using a custom domain name, you will need to work with your IT staff to obtain a security certificate using a Certificate Signing Request from LibApps. The following steps will guide you through the process:

  1. Click on your site's Manage HTTPS () icon in the Actions column.
  2. Under the Your Certificate tab, you will see an alert letting you know the status of your domain name and certificate.
    • If you do not see a confirmation that your domain is pointing to the correct endpoint, please update your custom domain's CNAME records before continuing.
  3. Click on the Generate and Download Certificate Signing Request & Private Key panel to expand it.
  4. Complete the provided form to generate a new Certificate Signing Request (CSR).
  5. Click the Generate and Download CSR & Key button. A zip file containing your CSR and KEY will be be downloaded.
    • Provide these files to your Certificate Authority (CA) when requesting your security certificate (CRT). You will need a certificate for nginx on CentOS in the x509 format​.
    • If you subsequently need to change the information in your CSR, return to this page and repeat Steps 1-5 to generate and download a new CSR and KEY.
  6. Once you have obtained your CRT, return to this page and click on the Upload Certificate Files panel to expand it. 
  7. Click on the Upload CRT and Upload KEY buttons to upload your CRT and KEY files to our server. Once the files have been uploaded, your certificate will be installed within one business day. We'll send you an email notification once it's ready to go. :)
    • As a courtesy, admins will receive an email notification when your site's certificate is within 60 days of expiration.

Screenshot of the Manage HTTPS icon

Generating and downloading a CRT and KEY

Uploading a CRT and key 


If you have an existing KEY & CRT pair (including wildcard & SAN certificates)

  1. Click on your site's Manage HTTPS () icon in the Actions column.
  2. Under the Your Certificate tab, you will see an alert letting you know the status of your domain name and certificate.
    • If you do not see a confirmation that your domain is pointing to the correct endpoint, please update your custom domain's CNAME records before continuing.
  3. Click on the Upload Certificate Files panel to expand it. Make sure your certificate is nginx on CentOS in the x509 format​.
  4. Click on the Upload CRT and Upload KEY buttons to upload your CRT and KEY files to our server.
    • Note: we do not support KEY files protected by a passphrase, or .pfx files.
    • Once the files have been uploaded, your certificate will be installed within one business day. We'll send you an email notification once it's ready to go. :)
    • As a courtesy, admins will receive an email notification when your site's certificate is within 60 days of expiration.

Screenshot of the Manage HTTPS icon

Uploading a CRT and KEY

Important notes about InCommon certificates

To use InCommon certificates, you must concatenate the domain-specific certificate with the intermediate and root certificates, in a specific order.

To ensure your certificates are in the correct order, please do the following:

  1. Log into the InCommon Certificate Manager.
  2. Download "x509 Base64 Certificate Only".
  3. Download "x509 Base64 Intermediates Only Reverse".
  4. Open both files in a text editor like Notepad.
  5. Copy the contents of the "x509 Base64 Intermediates Only Reverse" file and paste it to the end of the "Certificate Only" file.
  6. Save the file as a new .CRT file. 

When finished, your certificates should be in an order such as this:

  • Site certificate (X509 Certificate only) 
  • Inter 2 - InCommonRSAServerCA_2 
  • Inter 1 - USERTrustRSAAddTrustCA 
  • Trust - AddTrustExternalCARoot.

Example of download InCommon certificates

Related Articles