Introduction

I wanted to activate a custom domain on BTP for my own website https://wouter.lemaire.tech . To achieve this I followed this great step-by-step blog post of @andrew_lunde : https://community.sap.com/t5/technology-blogs-by-sap/step-by-step-guide-to-custom-domains-with-multi...

Nevertheless, I did some steps different which still made it challenging to configure:

• I bought the domain using google domains
• Used certbot instead of my own certificate (in companies you’ll probably have a company certificate)
• Added MTA configuration to automatically map the domain after deploying your app

Those differences changed some steps in the flow which I documented and want to share in this blog post.

Prerequisites

Check the official SAP help documentation, this might help you to understand the flow: https://help.sap.com/docs/custom-domain/custom-domain-service/create-custom-domains?locale=en-US

You need to buy a custom domain, this is not part of this service. This service just allows you to use your custom domain (which you pay separately) to your BTP applications and services. I’m using google domains which has been migrated to Squarespace.

Install certbot: https://certbot.eff.org/instructions?ws=other&os=windows

Download the latest version of the Certbot installer for Windows at https://github.com/certbot/certbot/releases/latest/download/certbot-beta-installer-win_amd64_signed.....

Make sure your BTP account has the entitlements:

Create an instance of this service in your CloudFoundry Space:

Install the CloudFoundry CLI with the Custom Domain Self-Service plugin. The plugin can be downloaded from here: https://tools.hana.ondemand.com/#cloud

Once downloaded, install it by going into the folder of the plugin and run the following command in your cli: “cf install-plugin custom-domain-cli”

Validate if it was successful by running “cf plugins”. This will show you a list of all installed plugins including the custom domain plugin: 

Create your custom domain

1) Login to CloudFoundry using the cli:

2) Create your custom domain using the command “cf create-domain wlcf wouter.lemaire.tech”

You can validate if this was successful with the command “cf domains”, here you should see your domain listed:

3) Create a private key for your custom domain in Cloud Foundry using the command:

cf custom-domain-create-key custom-domain-wouter-lemtech-key "CN=*.wouter.lemaire.tech, EMAIL=wouter@lemaire.tech, O=lemtech, C=BE" "wouter.lemaire.tech"

• custom-domain-create-key: command for the cf cli custom domain plugin to create the key
• custom-domain-wouter-lemtech-key: this is the name for the key that will be created. We need this in a later phase
• “CN=*.wouter.lemaire.tech, EMAIL=wouter@lemaire.tech, O=lemtech, C=BE” : details need to create the CSR
• "wouter.lemaire.tech": the domain name I want to connect (more can be listed here)

4) Get the Certificate Signing Request (CSR) by using the created private key using the following command:

cf custom-domain-get-csr custom-domain-wouter-lemtech-key csr.pem

• custom-domain-get-csr: cf cli custom domain command to retrieve the csr
• custom-domain-wouter-lemtech-key: name of the private key which was created in the previous step
• csr.pem: name of that will be used to store the csr in

5) Sign the CSR using certbot by running cmd as administrator from the folder where the csr.pem file is stored and run the following command:

certbot certonly --manual --csr ./csr.pem --preferred-challenges dns

This will give you a token which you need to use to create a TXT record in Google Domains:

Once you created the record, you can press enter. This might take a while but eventually provide you some certificates:

6) Upload the signed certificate to CloudFoundry

As I received three certificates from certbot and it was not clear which one to take so I tried merging all of them into one:

When uploading the combined certificate using the following command, it went in error:

cf custom-domain-upload-certificate-chain custom-domain-wouter-lemtech-key allchain.pem

So I tried all certificates separately and eventually the last one worked 😊

cf custom-domain-upload-certificate-chain custom-domain-wouter-lemtech-key 0001_chain.pem

• custom-domain-upload-certificate-chain: command to upload the certificate to CloudFoundry
• custom-domain-wouter-lemtech-key : key that I created earlier
• 0001_chain.pem: certificate that needs to be uploaded

It will ask for confirmation and upload BUT not yet activate:

We can check if the certificate was uploaded successfully with the following command + the private key:

cf custom-domain-show-certificates custom-domain-wouter-lemtech-key

7) Activate the custom domain using the following command:

cf custom-domain-activate custom-domain-wouter-lemtech-key wouter.lemaire.tech

• custom-domain-activate: command for activating
• custom-domain-wouter-lemtech-key: private key name
• wouter.lemaire.tech: domain to be activated

You can check if the active custom domains in CloudFoundry with the command: cf custom-domain-list

In my case, I have two, one main custom domain which I’ll use to continue “Wouter.lemaire.tech” but also a generic domain that allows me to use subdomains “*.wouter.lemaire.tech”. I’ll use this one later.

8 ) Configure DNS for custom domain

Before we can do this, we need to get the API of CloudFoundry in your subaccount. This can be done by using the command “cf api”:

In Google Domains, I created the following record:

To test if it works I used the command “nslookup Wouter.lemaire.tech”:

9) Map application to custom domain

Before we do, we can check the list of apps to find the connected route for each application

With the following command, we will map an app with the custom domain we created (this needs to be done for the approuter app as this is the access point for an application in BTP):

cf map-route <Application Name> <Custom Domain> --hostname <Application Hostname>

In my example it looks like this, without the hostname as I want it to be connected with the main domain:

cf map-route lemtech-approuter wouter.lemaire.tech

If you now check the list of apps, you’ll see that the route for the approuter is connected to the custom domain:

You can also check the list of routes:

10) Configure the MTA of your app

After every deploy the mapping between the route and your app will be gone and you need to do this over again. This can be done in the BTP Cockpit:

You can avoid this by configuring the domain in the mta.yaml file of your application as followed:

With this configuration you’ll keep the domain connected to your application after each deploy

That’s how it’s done 😊

Result

Try navigating to https://wouter.lemaire.tech this will open my website which is running on SAP BTP Cloud Foundry! 

Additional

Additionally I’m also want to create subdomains so I can use the custom domain for other applications. For this, I added a record in google domains as followed:

I have activated the custom domain “*.wouter.lemaire.tech”

Mapped the application BTP Service Overview with the custom domain Wouter.lemaire.tech using btp-services as hostname:

Result: https://btp-services.wouter.lemaire.tech/