Custom domains
Map your own domain to a Dockfly service. TLS certificates are issued and renewed automatically.
*.dockfly.app subdomain.Add a domain
From a service's Networking tab, click Add domain and enter the hostname (e.g. app.example.com). Dockfly tells you which DNS records to set, then continuously verifies them until the cert is issued.
DNS configuration
Subdomain (recommended) — CNAME
For any subdomain (apex domains can't use CNAMEs in most providers), point a CNAME at the Dockfly load balancer. This keeps the IP under our control and lets us route around incidents.
Type: CNAME
Name: app
Value: edge.dockfly.app
TTL: 300That maps app.example.com → Dockfly. No further setup.
Apex domain — A record (or ALIAS / ANAME)
Most DNS providers don't allow CNAMEs at the apex (example.com with no subdomain). Use either:
# Option 1: A record (works everywhere, IP is stable but not flexible)
Type: A
Name: @
Value: 103.155.91.42
TTL: 300
# Option 2: ALIAS / ANAME (Cloudflare, DNSimple, Route53)
Type: ALIAS
Name: @
Value: edge.dockfly.app
TTL: 300TLS certificates
Dockfly issues a Let's Encrypt certificate as soon as DNS resolves. We renew 30 days before expiry and rotate seamlessly.
For wildcard certs (e.g. *.example.com), Dockfly uses the DNS-01 challenge — supported on Cloudflare, Route 53, DigitalOcean, and most major providers. Check the dashboard for the full list.
Common issues
“Certificate pending” for > 5 min
Usually a DNS issue. Run dig +short app.example.com and check that it returns a Dockfly value. If you just changed the record, wait one TTL cycle (often 5 minutes).
“CAA record blocking issuance”
If you have a CAA record on the apex, allow Let's Encrypt:
Type: CAA
Name: @
Value: 0 issue "letsencrypt.org"