** UPDATE: This step is no longer necessary. All custom domains set up as per this guide will automatically work over HTTPS **

To enable HTTPS with your custom domain you will need a SSL Certificate.

As you are owner of the custom domain you will need to acquire the certificate. There are free paid and free methods of doing this. For a free option check https://letsencrypt.org/getting-started/

Method 1

Use a flexible SSL (via a third party DNS provider such as AWS CloudFront or CloudFlare)
Please refer to the DNS providers documentation for the specific steps.

Method 2

Use your own SSL certificate with a TLS termination proxy.

Once you have a valid certificate for the subdomain you need to setup a TLS termination proxy. Hopefully your provider can help with this step.

Note: If you created a CNAME record that points to beacon.by, you will need to delete this to host your own SSL certificate.

You'll need to set up a TLS termination proxy, as mentioned. This differs depending on what software your web server is running.

For example if you are running Apache you would do something like this:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName your.customdomain.com # specify your custom domain here

        SSLEngine on
        SSLProxyVerify none
        SSLProxyEngine on

        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off

        SSLCertificateFile /path/to/your/fullchain.pem
        SSLCertificateKeyFile /path/to/your/privatekey.pem

        ProxyPreserveHost On
        ProxyPass / https://beacon.by/
        ProxyPassReverse / https://beacon.by/

If you are running NGINX you would do something like this:

resolver; # use own DNS server if you have one
server {
  listen 443 ssl;
  server_name your.customdomain.com; # replace this with your domain

  ssl_certificate /path/to/your/fullchain.pem;
  ssl_certificate_key /path/to/your/privatekey.pem;

  location / {
    # using "set" is important as IP addresses of Intercom servers
    # changes dynamically. "set" enables nginx to follow dynamic IPs
    set $beacon "https://beacon.by:443";
    proxy_set_header Host $host;
    proxy_pass $beacon;

This is, unfortunately, quite technical. If you don't have full access to your webserver it might be best to ask whoever administers it to set up the TLS termination proxy. 

Did this answer your question?