Highlights → Automatic TLS for custom domains

Automatic TLS for custom domains

April 10, 2026. Custom domains get HTTPS automatically. No certificate purchase, no renewal calendar, no DNS scripting. Point your domain at SGEN, the certificate provisions, the site is HTTPS within minutes.

What changed

Before today, putting a custom domain on SGEN meant either accepting HTTP (no — modern browsers flag it as insecure) or wrestling with certificate provisioning yourself.

After today, every custom domain you point at a SGEN site gets:

  • A valid TLS certificate, automatically issued
  • HTTPS as the default protocol on every public page
  • HTTP-to-HTTPS redirect automatically configured
  • Automatic renewal before the certificate expires — no manual intervention
  • The green padlock visitors expect on every modern site

You don't see the certificate provisioning. You don't manage the renewal calendar. The platform handles it.

How it works

The setup flow:

  1. Buy your domain from any registrar (we don't sell domains — pick whichever provider you prefer)
  2. In SGEN: Site → Settings → Domain, enter your domain
  3. SGEN shows you the DNS records to set at your registrar
  4. Set the records at your registrar (an A record + a CNAME, typically)
  5. Wait — the platform polls DNS until propagation completes
  6. Certificate provisions, HTTPS becomes the default

Total clock time from "domain purchased" to "HTTPS public site": typically 5-30 minutes, depending on your DNS provider's propagation speed.

What it covers

  • The apex domain (acme-coffee.com)
  • The www subdomain (www.acme-coffee.com)
  • Any subdomain you configure (shop.acme-coffee.com, blog.acme-coffee.com)

Each gets its own certificate, each auto-renews, each gets the HTTP-to-HTTPS redirect.

Why this matters

For a marketing site, HTTPS is now table stakes — without it, browsers show warnings, search engines de-rank, and visitors leave. Hand-rolling certificates was the gap between "I bought a domain" and "my site is public-ready."

That gap is closed. The certificate work disappears from your responsibility. You buy the domain, point it, the platform handles the rest.

For platforms competing against SGEN, free TLS isn't a differentiator — it's expected. The differentiator is the absence of friction. SGEN's setup flow doesn't ask you to think about certificates, because you don't need to.

Common patterns

  • A team launching a new site. Buy acme-coffee.com Monday. Point at SGEN Tuesday morning. By Tuesday afternoon, the public site is at https://acme-coffee.com with a valid certificate. Wednesday they start writing content.
  • An agency migrating a client from WordPress. The client's existing certificate (paid-for, manually renewed) becomes irrelevant. Point the domain at SGEN. Certificate provisions. The client's previous certificate renewal calendar can be retired.
  • A multi-domain operator. Point acme-coffee.com, acme-coffee.co.uk, and acmecoffee.de at the same SGEN site. Each gets its own certificate. The operator manages zero of them.

What's not included

A few things you still own:

  • Domain registration. You buy the domain from a registrar; we don't sell domains.
  • DNS records. You set the records at your registrar; we tell you what records to set.
  • Branded email (you@acme-coffee.com). Email DNS records (MX, SPF, DKIM) are separate from the web-domain DNS records SGEN manages. Set those at your registrar or with your email provider.

These are deliberately out of scope — domain ownership stays with you, and email is its own product domain.

Next steps

  • If you're setting up a new domain, go to Site → Settings → Domain and walk the flow.
  • If you already pointed a domain, the certificate is already there — check the public URL.
  • If you manage multiple sites, repeat the flow per site. Each domain on each site gets its own certificate.
On this page