Documentation You are here: start » v » 2.0 » custom_domain

Sugar, Spice, and Custom Subdomains

IMPORTANT Anti-Fraud Considerations If you opt for a custom subdomain, we strongly recommend enabling our automatic reCAPTCHA integration, to prevent more advanced card testing attacks. We can't enable this automatically for custom domains, so it requires an extra step. Read on below for more info.

Do I need a custom subdomain?

Short answer: it depends on your site. A custom subdomain is the only way to hide the .foxycart.com in your customers' address bar. This might be desirable for your store, and might seem more “professional” if you have technically proficient customers. In our experience, stores at yourstore.foxycart.com convert just as well as checkout.yourstore.com, but we leave it to you to make the choice that's best for your business.

By default, your store's FoxyCart functionality lives at example.foxycart.com, where example is the subdomain you've chosen for your store. The custom subdomain add-on allows your store to live at secure.example.com, checkout.example.com, payments.example.com, or any other name to the left of .example.com you'd like (again, where example.com is your own domain). Some merchants like this, because it gives them a fully-branded checkout experience: everything from the template to the address bar. Other merchants are happy parking their store at .foxycart.com.

There are a few reasons to take this approach:

  • A custom subdomain presents the customer with the most seamless checkout flow available. While it does not provide any template customization functionality not otherwise available, it does remove the last trace of the FoxyCart name from your store's checkout flow.
  • A custom subdomain will have a SSL certificate with your store's information. While very few customers will actually examine this, for those that do it's a nice touch.
  • Custom subdomains allow for additional SSL options. (See below for details.)
  • A custom subdomain can work around 3rd party cookie restrictions, which may make analytics or affiliate tracking much easier to accomplish.

To order a custom subdomain:

  1. Log into the FoxyCart Admin.
  2. Click “Settings” under the “STORE” heading at the top.
  3. Check the box next to “use custom SSL”.
  4. Click the red “purchase an SSL certificate” that appears in the help text below.
  5. Complete the order form and checkout to pay for the add-on.
  6. Our helpdesk will reply within 1–2 business days to confirm your order.

Do not change your custom subdomain setting until you have received a green light from FoxyCart and set up your DNS entry (see below). Changing that setting can and will break your add-to-cart and checkout links, as well as your Javascript and CSS includes.

SSL Options

Standard SSL Certificates

This is the simplest option, it just requires that you create 2 CNAME records in your DNS. Once you place your order, we'll start the process, and you'll get emails with further details.

Using a CAA Record? CAA records are DNS records that indicate which certificate providers can issue an SSL cert for your domain. They're great, and you'll need to ensure Amazon is listed as a provider. You can add it at your “naked” domain (like example.tld), or at the specific subdomain you're using with Foxy (like checkout.example.tld). In either case, you'll need to add the following domains with the issue statement: amazon.com, amazontrust.com, awstrust.com, amazonaws.com.

Using Your Own SSL (aka BYOSSL)

Please note: Customer Provided SSL Certificates is only available for users on our Enterprise plans.

If you'd like to provide your own cert (like an EV SSL or wildcard certificate), you can. Please be aware, however, that this will cost you (and us) more. (Click here for the explanation why.) To get started with an EV or other customer-provided certificate, please contact us for approval and instructions.

Wildcard SSL Certificates

If you'd like a wildcard cert for multiple stores on FoxyCart, we can help you set that up. Please contact us for details.

DNS Setup

In order to use your custom subdomain you'll need to do a quick addition to your domain's DNS. This generally will only take a minute if you're comfortable with DNS. If you're not comfortable with your domain's DNS, or if you don't even know what DNS is, your hosting provider or domain registrar can likely handle this for you.

  1. First, decide what domain you'd like, here are some ideas:
    1. secure.example.com
    2. checkout.example.com
    3. cart.example.com
    4. checkout.example.com
    5. store.example.com
    6. ???.example.com — anything you'd like. Find what works best for you!
  2. Next add a CNAME record for that subdomain. Let's say you've chosen secure.example.com. You'd set a CNAME at your secure subdomain, pointing to secure.example.com.dns.foxycart.com. (making sure to include the trailing dot, if your DNS system allows it). No matter what domain you've chosen, you'll add .dns.foxycart.com. to where it's pointing in your CNAME value.
  3. To check this, use the dig command in your Terminal (Mac or Linux users), or use kloth.net. Enter your domain (cart.puppydogs.com) and you should see the domain you entered like cart.puppydogs.com.dns.foxycart.com. (again, note the trailing period) in the ANSWER SECTION. It should have a CNAME value pointing to cloudfront.net, with a bunch of A Records beneath it.

Also important to note is that you will get a certificate warning if you do this before you have received confirmation from FoxyCart that your SSL certificate has been fully configured and provisioned. You are encouraged to set up your CNAME when you place your order, but it will not work until it's been approved by you and set up on our systems.

Anti-Fraud Setup

If you're using a custom subdomain, you'll need to do a few extra steps to get your own reCAPTCHA keys. We STRONGLY RECOMMEND THIS, as without it a botnet-based card-testing attack could cost hundreds or thousands of dollars in authorization fees.

  1. Go to the Google reCAPTCHA admin area. (You'll need to login with your Google Account if you aren't already.)
  2. Enter a label that'll make it clear what these keys are for. Something like “My Example Store on FoxyCart”, perhaps. This is just for your own use.
  3. Select the reCAPTCHA V2 option, and if given options, choose the “I'm not a robot” option
  4. Enter the domain that your FoxyCart account's checkout is using. For example, if your domain was secure.example.tld, you'd enter example.tld. Check the checkbox(es) to agree to Google's terms, and submit.
  5. It should be successful, and take you to a page with your Site Key and Secret Key.
  6. Copy those two keys into the “payment” page in your FoxyCart admin. (Make sure to put the Site Key in the right input field. Put the “Secret key” into the Foxy admin input for “secret key”.
  7. Save the payment settings in the FoxyCart admin.
  8. Do some test transactions, if you'd like. (You can set the reCAPTCHA setting in your Foxy settings to “Enabled, Always”, then load up your checkout. You should see the reCAPTCHA display on the checkout. Set it back to “Enabled, Automatically…” once you're done, if you'd prefer.)

Common Questions

I can get a SSL Certificate for way cheaper. What gives?

Yes, you can get a certificate for cheaper (or free with LetsEncrypt), but SSL Certificates require the overhead of setup and support (which is actually not insignificant). Further pieces that are hard costs for us are additional firewall configuration; web application firewall configuration and setup with the SSL certificate (so the WAF can decrypt the traffic); DNS queries; load balancing; DNS failover; monitoring; and security scans.

For this reason, we do allow you to provide your own certificate, but we charge more for this option, because it's much more labor intensive for us to set up and facilitate renewals. The actual cost of the certificate is not the main cost for our custom certs.

Though the automation now possible with SSL certificates is fantastic, it's still more work and cost for us, so at this point we do still charge extra for this functionality. (Note that the vast majority of other ecommerce SaaS providers don't allow this functionality at all, for various reasons.)

Why do you charge more if I provide my own SSL certificate?

For our normal certificates, we are able to automate quite a bit of the process, including renewals. At present, allowing our users to provide their own certificates requires a fair amount of manual work on our end. Though as of recently there have been advances in SSL provisioning possibilities, it'd require quite a bit of work to bring that automation to allowing user-provided certs.

We wish we could allow you to bring your own certificates, and as the technology changes, it's something we'll continue to explore. At this point, however, please understand that the cost structures you might be familiar with (ie. in shared hosting environments) is worlds apart from what we're dealing with. (We're often met with skepticism about this, so if you remain unconvinced, please notice that almost no other hosted ecommerce providers allow this at all. The largest SaaS ecommerce platform only allows this on their enterprise plans, as a point of reference.)

For this reason, we limit the option to bring your own SSL Certificate to our Advanced and Enterprise users. Thanks for understanding!

Legalese, Full Disclosure

We use 3rd parties for our SSL processes. Generally, either Digicert or AWS. They have their own terms that you agree to when you approve the cert.

Site Tools