Generating TLS certificates for external domains in SST

Marty Penner

You know how sometimes, you can spend hours and hours debugging something, only to discover the fix is a few lines of code? That's what creating certificates in sst.dev was like. I kept forgetting that SST wraps AWS Cloud Development Kit (CDK), and that any construct not available in SST could be grabbed from the underlying CDK. Oops. Score one for "I should've read the docs more thoroughly and slowly".

Anyways, here's the entire SST config you'd need to add a custom certificate to your site stack in SST:

```ts
import { RemovalPolicy } from 'aws-cdk-lib';
import { Certificate, CertificateValidation } from 'aws-cdk-lib/aws-certificatemanager';
import type { SSTConfig } from 'sst';
import { SvelteKitSite } from 'sst/constructs';

export default {
    config(_input) {
        return {
            name: 'your-site',
            // CloudFront only accepts ACM certificates issued in us-east-1.
            region: 'us-east-1',
        };
    },
    stacks(app) {
        app.stack(function Site({ stack }) {
            const certificate = new Certificate(stack, 'Certificate', {
                domainName: '*.yourdomain.com',
                // The wildcard does not cover the root domain, so list it explicitly.
                subjectAlternativeNames: ['yourdomain.com'],
                // Can also do `fromEmail`, but DNS is more maintainable if you
                // have control of the DNS records.
                // With no hosted zone passed, the validation CNAME records must be
                // created manually at your DNS provider; the deploy waits until
                // the certificate has been validated.
                validation: CertificateValidation.fromDns(),
            });
            if (stack.stage !== 'prod') {
                // Don't need to keep dev certs around forever.
                certificate.applyRemovalPolicy(RemovalPolicy.DESTROY);
            }

            const site = new SvelteKitSite(stack, 'site', { // or whatever site stack you want to use
                customDomain: {
                    // Note that we're supplying the root domain, not the subdomain wildcard.
                    domainName: 'yourdomain.com',
                    isExternalDomain: true,
                    cdk: {
                        certificate,
                    },
                },
            });

            stack.addOutputs({
                url: site.url,
            });
        });
    },
} satisfies SSTConfig;
```

Voila! SST is actually pretty cool. Knowing just a bit about AWS Lambda has unlocked a lot of ideas for me.
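Why the config lists `yourdomain.com` as a subject alternative name next to the `*.yourdomain.com` wildcard, shown as an added example that is not part of the original post: a wildcard matches exactly one left-most label, so on its own it leaves the root domain uncovered. The helper names `nameCoversHost` and `uncoveredHosts` are hypothetical and the host lists are constructed sample input.

```typescript
// Added example: these helpers are hypothetical, not part of SST or CDK.

/** True if one certificate name (exact or wildcard) covers `host`. */
function nameCoversHost(certName: string, host: string): boolean {
    // Hostnames compare case-insensitively; ignore a trailing root dot.
    const pattern = certName.toLowerCase().replace(/\.$/, '');
    const target = host.toLowerCase().replace(/\.$/, '');
    if (!pattern.startsWith('*.')) {
        return pattern === target;
    }
    // A wildcard stands in for exactly one left-most label, so
    // `*.yourdomain.com` covers `www.yourdomain.com` but neither the root
    // `yourdomain.com` nor the deeper `a.b.yourdomain.com`.
    const suffix = pattern.slice(1); // e.g. ".yourdomain.com"
    if (!target.endsWith(suffix)) {
        return false;
    }
    const label = target.slice(0, target.length - suffix.length);
    return label.length > 0 && !label.includes('.');
}

/** Returns the hosts that none of the certificate's names cover. */
function uncoveredHosts(certNames: string[], hosts: string[]): string[] {
    return hosts.filter((h) => !certNames.some((n) => nameCoversHost(n, h)));
}

// Constructed sample input mirroring the names used in the config.
const wildcardOnly = ['*.yourdomain.com'];
const wildcardPlusRoot = ['*.yourdomain.com', 'yourdomain.com'];
const served = ['yourdomain.com', 'www.yourdomain.com', 'a.b.yourdomain.com'];

// Wildcard alone: the root domain and the two-level subdomain are uncovered.
console.log(uncoveredHosts(wildcardOnly, served));
// Wildcard plus root SAN: only the two-level subdomain is still uncovered.
console.log(uncoveredHosts(wildcardPlusRoot, served));
```

Running the same check against the names on the issued certificate before pointing external DNS at the distribution catches a missing SAN before browsers report a name mismatch.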
