OwnStack

DNS & routing

Domain attached but not resolving

CheckAction
dig +short example.com returns no IPDNS A record is missing. Add it at your DNS provider (Route 53, DNSimple, Cloudflare, etc.) → stack IP from ownstack stacks.
dig +short example.com returns wrong IPOld record. Update it; wait for TTL to expire (or flush local resolver).
Different resolvers return different answersPropagation in flight. Most resolvers update within 5 minutes; cached negative answers can take longer. Check dig +short @1.1.1.1 example.com and @8.8.8.8 independently.
Domain attached to app, but stack returns 404Run ssh dokku@<stack-ip> domains:report <app>. If the domain isn't listed, run ownstack app domains:add again — sometimes the sync fails silently.

SSL not issuing

SymptomCause
certs:report shows no Let's Encrypt certDNS hasn't propagated yet, or the domain isn't reachable from Let's Encrypt's HTTP-01 prober. Verify the domain resolves and port 80 is open from the public internet (some firewalls block it).
letsencrypt:list shows the app but no expiryFirst-time issuance pending. Run ssh dokku@<stack-ip> letsencrypt:enable <app> to trigger.
too many failed authorizations from Let's EncryptYou've hit Let's Encrypt's rate limit (5 failures per hostname per hour). Fix the underlying issue (DNS, port 80) and wait an hour.
Browser shows the stack's default cert (not your domain)nginx still has the old vhost cached. ssh dokku@<stack-ip> nginx:build-config <app> + nginx:reload.

Wildcard certs (DNS-01 challenge)

HTTP-01 challenge can't issue wildcards — only DNS-01 can. Configure the dokku-letsencrypt plugin with a DNS provider hookup (the plugin supports many: Route 53, Cloudflare, DigitalOcean, etc.). See Wildcard certs.

Redirect loops

SymptomCause
Browser bounces between http:// and https:// foreverApp is forcing HTTPS internally and a proxy is forcing HTTPS too. Check X-Forwarded-Proto handling — Rails: config.force_ssl = true + trust the proxy.
Browser shows ERR_TOO_MANY_REDIRECTSnginx has both an HTTPS redirect and the app issues a 301. Pick one.

Diagnostic steps

  1. Resolve the domain to the right IP: dig +short <domain>
  2. Hit the IP directly with the right Host header: curl -k -H "Host: <domain>" https://<ip>/
  3. Check nginx state on the stack: ssh dokku@<stack-ip> domains:report <app>
  4. Check cert state: ssh dokku@<stack-ip> certs:report <app>
  5. Tail nginx error log: ownstack ssh stack <stack> then sudo tail /var/log/nginx/error.log