SSL, HTTPS & Domain Configuration

Why HTTPS Is Mandatory

SSL/TLS encrypts the connection between the user's browser and your server. Without it, any network observer can read passwords, credit card numbers, and private messages in plain text.

HTTPS is not optional for any production application:

• Protects sensitive user data in transit
• Required for modern browser APIs (Service Workers, Camera, Geolocation)
• Required for HTTP/2 (significantly faster protocol)
• Google ranks HTTPS sites higher in search results
• Chrome displays "Not Secure" warning for all HTTP pages

How SSL Certificates Work

A certificate authority (CA) cryptographically vouches that a certificate belongs to the domain owner. Your browser trusts a list of known CAs. When you connect to a site, the browser verifies the certificate chain.

Let's Encrypt provides free, automatically renewed certificates. PaaS platforms (Vercel, Netlify, Railway) use Let's Encrypt to provision SSL automatically when you add a custom domain — you don't need to do anything manually.

Domain Configuration

Organize subdomains logically:

• myapp.com → Production frontend
• www.myapp.com → Redirects to myapp.com
• staging.myapp.com → Staging environment
• api.myapp.com → API server (if separate from frontend)

Adding a Custom Domain to Vercel

1. In the Vercel dashboard, go to your project → Settings → Domains
2. Add your domain
3. Vercel shows you the DNS records to configure
4. In your domain registrar, add the records
5. Wait for DNS propagation (minutes to 48 hours)
6. Vercel automatically provisions an SSL certificate

Key Takeaways

• HTTPS is mandatory — there is no valid reason to run production on HTTP
• PaaS platforms (Vercel, Netlify) provision SSL automatically when you add a domain — no manual certificate management needed
• DNS propagation takes time — changes may not be visible immediately
• SPF, DKIM, and DMARC records are required for email deliverability — without them, emails land in spam