Skip to content

Custom certificate created in Certificates section has no way to be applied to a Compose service's domain #4704

Description

@Mubashir-teapot

To Reproduce

  1. Create a Compose application, deploy it successfully
  2. Go to the application's Domains tab, add a domain, set "Certificate Provider" to "Custom"
  3. The form shows a "Custom Certificate Resolver" text field — paste a certificate + private key (e.g. a Cloudflare Origin CA cert) into it and save
  4. Separately, go to the dedicated "Certificates" section in the sidebar, create a new certificate entry with Name / Certificate Data / Private Key (cert and key pasted into their own separate fields this time)
  5. Go back to the domain's HTTPS settings — there is no dropdown or option anywhere to select the certificate just created in step 4
  6. Redeploy the compose service
  7. Visit the domain through Cloudflare (SSL mode: Full Strict) — get Error 526 "Invalid SSL Certificate"
  8. Inspect /etc/dokploy/traefik/dynamic/ on the server — the certificate's files (certificate.yml, chain.crt, privkey.key) exist under dynamic/certificates//, but nothing in the per-app dynamic YAML references them

Current vs. Expected behavior

Current: After creating a certificate via the dedicated Certificates section, there is no UI path to actually apply it to a specific Compose service's domain. The "Custom Certificate Resolver" field on the domain form turns out to expect a Traefik certResolver name (matching an entry under certificatesResolvers in traefik.yml's static config) rather than raw certificate/key content — pasting cert/key data there does nothing useful, and there's no inline indication of this expected format.

Expected: After saving a certificate in the Certificates section, the domain's HTTPS settings should offer a way to select it (the docs at docs.dokploy.com/docs/core/certificates imply this should exist — "select your newly created certificate" — but no such control appears in the domain form for a Compose service). Selecting it should result in Traefik actually using that certificate for the domain's TLS handshake.

Provide environment information

OS: Ubuntu 24.04.3 LTS
Arch: x86_64
Dokploy version: 0.29.8
VPS Provider: <fill in your provider>
Applications: Docker Compose stack — Node.js/Express API, static SPA served via nginx, Next.js app, MySQL, Redis

Which area(s) are affected? (Select all that apply)

Docker Compose

Are you deploying the applications where Dokploy is installed or on a remote server?

Same server where Dokploy is installed

Additional context

Cloudflare was set to Full (Strict) SSL mode, which requires the origin (Traefik) to present a valid certificate — this is why the missing certificate-selection UI became a blocker rather than a cosmetic gap. Worked around by switching Cloudflare to Flexible mode instead, which avoids needing an origin certificate entirely, but that's a workaround, not a fix for the underlying gap.

Will you send a PR to fix it?

Yes

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions