How to Manage TLS Certificates for 1,000+ Domains

KickoffLabs has helped its customers collect over 15 million leads by making it super simple to set up refer-a-friend style giveaways, sweepstakes and launches. Create a landing page for your viral contest in minutes, and immediately start driving traffic and generating leads.

Every marketing campaign lives on a separate KickoffLabs subdomain, which means that KickoffLabs has generated thousands upon thousands of subdomains. The subdomains enable customers to publish the landing page to a custom domain like http://launch.mydomain.com, a key feature for marketers who need to make sure their brand shines through on all their marketing campaigns.

In 2016, Google announced a major change that every business offering custom domains will need to adapt to in 2017 — the increased emphasis on HTTPS. They started to more heavily weight encrypted connections into their ranking algorithm. Both Google Search and Chrome have started flagging non-HTTPS domains as not secure. Down the line, it’s clear that Google will increasingly distrust domains that aren’t operating on a secure connection.

KickoffLabs customers started asking for the ability to add HTTPS to their custom domains more and more, but it was a daunting technical challenge to implement at KickoffLabs’s scale.

What they found in Backplane was a partner that would completely handle the creation and management of their secure certificates so that their customers could secure their custom domains with a single click.

Why Heroku Wasn’t the Right Solution to the Problem

Managing certificates has a reputation for being a pain. In the past, generating and installing individual certificates has been a multi-step, manual process. You generate your private keys and then find a provider. There are emails back and forth to verify you are who you say you are. Then you have to install the certificate and continually renew.

The key criteria for any solution for the KickoffLabs team was that they didn’t want to be involved in the dealing with certificates on an ongoing basis. They wanted to hand it off to a service provider, not have to think about it, and get back to innovating on product for their customers.

“Heroku told us that, for our scale and size, they couldn’t help us have thousands of secure websites hosted on them in a way that was cost-effective.”

Because KickoffLabs is hosted on Heroku, they turned to them to see if they could do double duty for hosting and for certificate management. However, “Heroku told us that, for our scale and size, they couldn’t help us have thousands of secure websites hosted on them in a way that was cost-effective,” said Scott Watermasysk, co-founder of KickoffLabs.

Using Heroku would require the team to upload and configure thousands of certificates to the Heroku servers. More recently, Heroku launched a product for automated certificate management, but it’s capped at 100 custom domains.

Fundamentally, Heroku is largely designed for the use case of one app, one domain, one certificate. They weren’t the right partner for the long term, because they weren’t designed for the type of app that needs thousands upon thousands of certificates (and growing).

Certificate Automation That’s Invisible to the Customer and the Team

Today, when a KickoffLabs customer wants HTTPS, they need only build their landing page, configure their custom domain, and enter their details. KickoffLabs then hands things off to the Backplane API which sets everything up in the background. As Scott put it, “Backplane instantaneously generates the certificate for us, and as far as our customers are concerned, it’s a bit of magic.”

Everything just works.

“Backplane instantaneously generates the certificate for us, and as far as our customers are concerned, it’s a bit of magic.”

Using Backplane, the development team has been able to automate the entire process of certificate creation and management. “We are able to set it up and then just hand everything over to Backplane,” Scott said. He analogized Backplane to Heroku and Amazon Web Services. From the customer perspective, infrastructure like Heroku and Amazon Web Services is totally seamless — it does its job and stays out of the customer’s way.

To the engineering team, platforms like Heroku, AWS and Backplane solve a lot of hard, challenging problems so that they don’t have to think about them. Instead, they can focus on innovating, building a differentiated product and going to market faster.

And KickoffLabs hasn’t just found a solution to the specific problem of TLS certificates for custom domains, it now has a partner for solving any problems around intelligent and secure traffic routing going forward. “Having Backplane be able to control and manage URLs gives us a lot of flexibility for things we might want to do in the future,” Scott said. “We’re just scratching the surface of what they provide.”

Interested in using Backplane at your org? Sign up for a free 30-day trial. If you have questions, drop us a line.