To Reproduce
1. Create a Compose application, deploy it successfully
2. Go to the application's Domains tab, add a domain, set "Certificate Provider" to "Custom"
3. The form shows a "Custom Certificate Resolver" text field — paste a certificate + private key (e.g. a Cloudflare Origin CA cert) into it and save
4. Separately, go to the dedicated "Certificates" section in the sidebar, create a new certificate entry with Name / Certificate Data / Private Key (cert and key pasted into their own separate fields this time)
5. Go back to the domain's HTTPS settings — there is no dropdown or option anywhere to select the certificate just created in step 4
6. Redeploy the compose service
7. Visit the domain through Cloudflare (SSL mode: Full Strict) — get Error 526 "Invalid SSL Certificate"
8. Inspect /etc/dokploy/traefik/dynamic/ on the server — the certificate's files (certificate.yml, chain.crt, privkey.key) exist under dynamic/certificates//, but nothing in the per-app dynamic YAML references them
Current vs. Expected behavior
Current: After creating a certificate via the dedicated Certificates section, there is no UI path to actually apply it to a specific Compose service's domain. The "Custom Certificate Resolver" field on the domain form turns out to expect a Traefik certResolver name (matching an entry under certificatesResolvers in traefik.yml's static config) rather than raw certificate/key content — pasting cert/key data there does nothing useful, and there's no inline indication of this expected format.
Expected: After saving a certificate in the Certificates section, the domain's HTTPS settings should offer a way to select it (the docs at docs.dokploy.com/docs/core/certificates imply this should exist — "select your newly created certificate" — but no such control appears in the domain form for a Compose service). Selecting it should result in Traefik actually using that certificate for the domain's TLS handshake.
Provide environment information
OS: Ubuntu 24.04.3 LTS
Arch: x86_64
Dokploy version: 0.29.8
VPS Provider: <fill in your provider>
Applications: Docker Compose stack — Node.js/Express API, static SPA served via nginx, Next.js app, MySQL, Redis
Which area(s) are affected? (Select all that apply)
Docker Compose
Are you deploying the applications where Dokploy is installed or on a remote server?
Same server where Dokploy is installed
Additional context
Cloudflare was set to Full (Strict) SSL mode, which requires the origin (Traefik) to present a valid certificate — this is why the missing certificate-selection UI became a blocker rather than a cosmetic gap. Worked around by switching Cloudflare to Flexible mode instead, which avoids needing an origin certificate entirely, but that's a workaround, not a fix for the underlying gap.
Will you send a PR to fix it?
Yes
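The mismatch described in this report can be checked mechanically. The following is an added example, not part of the original issue and not Dokploy's code: a small lint over parsed Traefik configuration that flags a router whose `certResolver` holds pasted PEM data or a name missing from `certificatesResolvers`. It assumes the YAML files have already been loaded into dicts; the router names, hostnames and the `<cert-dir>` placeholder are constructed.

```python
# Added example: lint parsed Traefik config for the TLS mistakes described above.
# Inputs are plain dicts, as a YAML loader would return them. All names and
# values below are constructed samples, not Dokploy's real generated files.

def lint_router_tls(static_cfg, dynamic_cfgs):
    """Return sorted (router, problem) pairs. Field values are never echoed,
    so pasted key material does not end up in the report."""
    resolvers = set(static_cfg.get("certificatesResolvers") or {})
    # The file provider merges every dynamic file, so collect certs globally.
    declared = [c for cfg in dynamic_cfgs
                for c in (cfg.get("tls") or {}).get("certificates") or []]
    findings = []
    for cfg in dynamic_cfgs:
        routers = (cfg.get("http") or {}).get("routers") or {}
        for name, router in routers.items():
            if "tls" not in router:
                continue  # plain HTTP router, nothing to check
            resolver = (router["tls"] or {}).get("certResolver")
            if resolver is None:
                if not declared:
                    # TLS is on but no cert files exist: default cert is served.
                    findings.append((name, "no-certificate-declared"))
            elif "-----BEGIN" in resolver:
                findings.append((name, "pem-in-certresolver"))
            elif resolver not in resolvers:
                findings.append((name, "undefined-certresolver"))
    return sorted(findings)

# Constructed static config with a single ACME resolver.
STATIC = {"certificatesResolvers": {"letsencrypt": {"acme": {}}}}
# Constructed certificate file; <cert-dir> is a placeholder, not a real path.
CERT_FILE = {"tls": {"certificates": [{
    "certFile": "/etc/dokploy/traefik/dynamic/certificates/<cert-dir>/chain.crt",
    "keyFile": "/etc/dokploy/traefik/dynamic/certificates/<cert-dir>/privkey.key"}]}}
# Constructed per-app file covering each case the lint distinguishes.
APP = {"http": {"routers": {
    "api": {"rule": "Host(`api.example.com`)",
            "tls": {"certResolver": "-----BEGIN CERTIFICATE-----\n(sample)"}},
    "spa": {"rule": "Host(`spa.example.com`)", "tls": {"certResolver": "custom"}},
    "web": {"rule": "Host(`web.example.com`)", "tls": {"certResolver": "letsencrypt"}},
    "next": {"rule": "Host(`next.example.com`)", "tls": {}},
}}}

if __name__ == "__main__":
    for router, problem in lint_router_tls(STATIC, [APP, CERT_FILE]):
        print(f"{router}: {problem}")
```

A `pem-in-certresolver` finding also means certificate or key text was saved into a routing config field, so any key pasted there should be treated as exposed to whoever can read that file.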