DNS & Certificates

YourSpace uses ACME (the same protocol behind Let's Encrypt) to auto-provision TLS certificates. You just need to point your domain.

1. Point your domain

Add a CNAME record at your DNS provider pointing to your YourSpace endpoint:

Type   Name              Value
CNAME  your-site.com     your-site.yo.urspace.net

If you're using an apex domain (no subdomain), some providers require an ALIAS or ANAME record instead. Check your provider's docs.

2. ACME verification

Once DNS propagates, YourSpace automatically:

1. Detects the CNAME pointing to your edge endpoint
2. Initiates an ACME HTTP-01 challenge against your domain
3. Provisions a TLS certificate and installs it across all edge nodes
4. Schedules automatic renewal before expiry

No manual steps required. Certificates typically provision within 60 seconds of DNS propagation.

3. Bring your own cert

If you need a specific certificate (e.g., EV or wildcard), specify it in yourspace.yml:

tls:
  auto: false
  cert: ./certs/my-cert.pem
  key:  ./certs/my-key.pem

YourSpace will use your cert and skip ACME provisioning. You're responsible for renewal in this mode.

4. Verifying

After deployment, confirm your cert is active:

$ curl -vI https://your-site.com 2>&1 | grep "subject:"
*  subject: CN=your-site.com