Table of Contents
Sugar, Spice, and Custom Subdomains
Do I need a custom subdomain?
Short answer: it depends on your site. A custom subdomain is the only way to hide the
.foxycart.com in your customers' address bar. This might be desirable for your store, and might seem more “professional” if you have technically proficient customers. In our experience, stores at
yourstore.foxycart.com convert just as well as
checkout.yourstore.com, but we leave it to you to make the choice that's best for your business.
By default, your store's FoxyCart functionality lives at
example is the subdomain you've chosen for your store. The custom subdomain add-on allows your store to live at
payments.example.com, or any other name to the left of
.example.com you'd like (again, where
example.com is your own domain). Some merchants like this, because it gives them a fully-branded checkout experience: everything from the template to the address bar. Other merchants are happy parking their store at
There are a few reasons to take this approach:
- A custom subdomain presents the customer with the most seamless checkout flow available. While it does not provide any template customization functionality not otherwise available, it does remove the last trace of the FoxyCart name from your store's checkout flow.
- A custom subdomain will have a SSL certificate with your store's information. While very few customers will actually examine this, for those that do it's a nice touch.
- Custom subdomains allow for additional SSL options. (See below for details.)
- A custom subdomain can work around 3rd party cookie restrictions, which may make analytics or affiliate tracking much easier to accomplish.
To order a custom subdomain:
- Log into the FoxyCart Admin.
- Click “Settings” under the “STORE” heading at the top.
- Check the box next to “use custom SSL”.
- Click the red “purchase an SSL certificate” that appears in the help text below.
- Complete the order form and checkout to pay for the add-on.
- Our helpdesk will reply within 1–2 business days to confirm your order.
Standard SSL Certificates
This is the simplest option, it just requires that you approve the certificate and set up a DNS entry on your end. We will order a “30-day Trial” certificate through DigiCert.
Once we receive your approval for the trial certificate, we can update our server-side certificates.
You will need to be able to receive email at one of these addresses:
OR any address listed on your WHOIS record. (Use this link to look up that information: WHOIS)
We're constrained to these “generic” email addresses for certificate approval. All of those email addresses will be sent an approval message when we've ordered the “Trial” certificate, but you only need to respond once.
Once you've placed your order, you'll receive a notice from the Helpdesk and we'll walk you through the above steps. It can take as little as 4 minutes to complete!
A note about UC Certificates (UCCs): Our normal SSL certificates are handled via UCCs, which allow us to have up to 100 separate domain names on a single certificate. These certs provide the exact same level of security as normal certs do, but they're easier to manage, more cost effective, and don't require a unique IP address per certificate. That said, when a user views the certificate, the user can see all the domains on the certificate. This approach is not uncommon with service providers like FoxyCart. In fact, Edgecast (the CDN that we use for cdn.foxycart.com) uses UCC certs as well. If this bothers you, you can do the BYOSSL option (described below).
Using Your Own SSL (aka BYOSSL)
Please note: Customer Provided SSL Certificates is only available for users on our Advanced or Enterprise plans.
If you'd like to provide your own cert (like an EV SSL or wildcard certificate), you can. Please be aware, however, that this will cost you (and us) more. (Click here for the explanation why.) To get started with an EV or other customer-provided certificate, please contact us for approval and instructions.
Wildcard SSL Certificates
If you'd like a wildcard cert for multiple stores on FoxyCart, we can help you set that up through the byoSSL option above.
In order to use your custom subdomain you'll need to do a quick addition to your domain's DNS. This generally will only take a minute if you're comfortable with DNS. If you're not comfortable with your domain's DNS, or if you don't even know what DNS is, your hosting provider or domain registrar can likely handle this for you.
- First, decide what domain you'd like, here are some ideas:
???.example.com— anything you'd like. Find what works best for you!
- Next add a CNAME record for that subdomain. Let's say you've chosen
secure.example.com. You'd set a
securesubdomain, pointing to
secure.example.com.dns.foxycart.com.(making sure to include the trailing dot, if your DNS system allows it). No matter what domain you've chosen, you'll add
.dns.foxycart.com.to where it's pointing in your
- To check this, use the
digcommand in your Terminal (Mac or Linux users), or use kloth.net. Enter your domain (
cart.puppydogs.com) and you should see the domain you entered like
cart.puppydogs.com.dns.foxycart.com.(again, note the trailing period) in the
ANSWER SECTION. It should have a
CNAMEvalue pointing to
cloudfront.net, with a bunch of A Records beneath it.
Also important to note is that you will get a certificate warning if you do this before you have received confirmation from FoxyCart that your SSL certificate has been fully configured and provisioned. You are encouraged to set up your CNAME when you place your order, but it will not work until it's been approved by you and set up on our systems.
I can get a SSL Certificate for way cheaper. What gives?
Yes, you can get a certificate for cheaper, but SSL Certificates require the overhead of setup, renewals, as well as dedicated IPs. Further pieces that are hard costs for us (in addition to the cert itself and the dedicated IP address) are additional firewall configuration; web application firewall configuration and setup with the SSL certificate (so the WAF can decrypt the traffic); DNS queries; load balancing; DNS failover; monitoring; and security scans.
For this reason, we do allow you to provide your own certificate, but we charge more for this option, because it's much more labor intensive for us to set up and facilitate renewals. The actual cost of the certificate is not the main cost for our custom certs.
Why do you charge more if I provide my own SSL certificate?
For our normal certificates, we use Unified Communication Certificates (UCCs), which allow us to put up to 100 domains on a single certificate. This has some very significant advantages as it relates to cost:
- IP addresses & Infrastructure: With our infrastructure (AWS), there are limitations to how load balancers can be configured. One of those limitations has to do with SSL certs and IP addresses, and makes things considerably more difficult and costly to set up and configure.
- Automation & Manual Effort: With our UCC approach, we have many portions of the SSL setup automated. Custom certs require manual effort both to set up the cert and the infrastructure, and this effort must be done by a senior team member on our end.
- Web Application Firewall (WAF): For every SSL cert we have, we have additional overhead and duplication at our WAF, adding additional complexity and cost.
In other words: We have unavoidable hard costs associated with each new SSL certificate we have. These hard costs almost always eclipse the cost of the cert itself.
We wish we could allow you to bring your own certificates, and if the technology changes, it's something we'll continue to explore. At this point, however, please understand that the cost structures you might be familiar with (ie. in shared hosting environments) is worlds apart from what we're dealing with. (We're often met with skepticism about this, so if you remain unconvinced, please notice that no other hosted ecommerce providers allow this at all.)
For this reason, we limit the option to bring your own SSL Certificate to our Advanced and Enterprise users. Thanks for understanding!