Add a custom domain

Two steps: register the domain with the app, then point DNS at the stack. Let's Encrypt issues the cert automatically once DNS resolves.

1. Add the domain to the app

$ ownstack app domains:add <app> example.com

This registers the domain with the stack's nginx vhost and (by default) requests a Let's Encrypt cert. Pass --cert=FILE --key=FILE to use your own cert instead.

2. Point DNS at the stack

Find the stack's IP:

$ ownstack stacks
  ID            NAME                IP                STATUS
  jJCsl6B9...   prod-east           54.123.45.67       provisioned

Then create the matching DNS record at your provider:

Hostname	Record	Target
Apex (`example.com`)	A	The stack IP
Subdomain (`app.example.com`)	A	The stack IP
Subdomain via CNAME	CNAME	The stack's default domain

3. Wait for SSL

Once DNS resolves, dokku-letsencrypt issues a cert via HTTP-01 challenge. Inspect:

$ ssh dokku@<stack-ip> certs:report <app>

If the cert doesn't issue within a couple of minutes, see DNS & routing troubleshooting. Common cause: port 80 not open from the public internet (Let's Encrypt's prober needs HTTP-01).

Multi-stack apps

If your app deploys to multiple stacks and you want one domain to load-balance across all of them, point the DNS record at a load balancer (cloud-provider LB, weighted DNS) instead of a single stack IP. Each stack independently provisions its own Let's Encrypt cert.

Wildcard domains

Wildcards (*.example.com) need the DNS-01 challenge — Let's Encrypt won't issue wildcards via HTTP-01. See Wildcard certs.