DDOS protectection for website builder application, multiple domains pointing in via cname

Hello,

We are soon to launch our own website builder that will help businesses create and host websites on our server. These businesses will point their domains to us via cname entry in their DNS. We plan to have a wildcard subdomain and run each business website on their own sub domain.

For example

Business 1 - Domain biz1 . com - DNS on Godaddy

Website will run on biz1 . example . com
www . biz1 . com -> cname to biz1. example . com

Business 2 - Domain biz2 . com - DNS on Google

Website will run on biz2 . example . com
www . biz2 . com -> cname to biz2 . example . com

Our cloud flare account will only have the DNS for our domain example . com

SSL Certificate - We will use letsencrypt to issue an SSL certificate for each business domain.

Questions

  1. Would cloudflare allow us use multiple SSL certificates, one for each business domain ?
  2. Do we even need multiple SSL certificates or can we just live with a single SSL certificate ?

End goal - DDOS protection for all websites we host.

Both of these scenarios are limited to enterprise deals via SSL for SaaS, which can only be acquired via contacting enterprise sales (pricing is also highly custom, so you won’t find a price estimate without explaining your use case):

If you don’t want to pay for SSL for SaaS, your only options for allowing CNAMEs are to cname biz1.com -> biz1.example.com, but have the subdomain unproxied. If you do go unproxied, you can use a wildcard record.

As a side effect of being unproxied, you won’t get any of the benefits of CF - it’s just like a regular CNAME and won’t be DDOS protected.

2 Likes

Thank you for the reply. Let me contact enterprise sales and get an estimate. If I have a followup question then I should create a new topic ?

If it’s related, go ahead and add it to this thread. It can be split off if it needs to be a new thread.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.