Some cloud providers (e.g. AWS with ACM) offers CNAME-based SSL, which are SSL certificates issued by the provider, validate via a CNAME record. Basically, we can request a certificate and validate the domain ownership via CNAMEs, and the cloud provider generates and renews the certificate automatically. We can, then, use the certificate in a Load Balancer. Currently, in DigitalOcean (DO), we can only have auto-generated certificates if we point our nameservers to DO's. This feature is particularly interesting when running a multi-tenant application that allows customers to use their own domains. In this case, we can't ask customers to point their nameservers, but asking them to provide some CNAMEs is a good solution. We are particularly interested in the multi-tenant use case. I have attached some pictures of the process in AWS.