Hi, we’re self hosting a web application and want to move it to Netlify. We want to keep the same custom domain we use, and we want to switch over without downtime.
What I cannot figure out is how to configure a custom domain on Netlify without first changing the DNS record. What I want to do is to have the custom domain set up in advance on the Netlify side, SSL certificates and all, and THEN set up the DNS so that as the DNS propagates, some people will hit the old site, some the new site, but all will get to our app.
All that is required to publish an SSL certificate is a private key, and there can be many associated with a single domain. Netlify’s SSL certificate issuance is an integrated solution that uses Netlify DNS to generate and validate a certificate, so you’d need to switch DNS to use it, however you do not need to use Netlify’s integrated solution: there is also the “Set custom certificate” option.
Therefore, you can generate an SSL certificate with a third-party service (whether that’s paid, or free) and then validate it (using DNS on your current architecture) and then upload that to Netlify. A shortcut would be to use your current production SSL certificate (just grab the certificate and private key from your infrastructure) but it’s possible you can’t easily extract it.
Generate a certificate for your domain, using the current architecture to validate the certificate (either using Let’s Encrypt or purchase from somewhere like SSLs.com)
Upload the “Certificate” and “Private Key” via “Set custom certificate” in the Netlify dashboard
Done! You now have 2 different systems, both with valid SSL certificates for your domain
Then, once you’ve switched your DNS over to Netlify and all traffic is being routed to Netlify you can switch from a custom certificate to a Netlify managed certificate – as long as you do it before your custom certificate expires, there’ll be no interruption of service.
Thanks but we want to manage our own DNS-- Netlify doesn’t allow delegating just a subdomain and we have a lot of servers that we need on the same apex domain. the other reply was more helpful.