Add a Custom Domain

Replace the auto-assigned subdomain with your own domain. Temps provisions SSL certificates automatically via Let's Encrypt and renews them before they expire.


Create a DNS record

Before adding a domain in Temps, point it to your server. The record type depends on whether you are using a subdomain or the apex (root) domain.

For subdomains (e.g. app.yourdomain.com)

Add an A record pointing to your server's IP. If you have a hostname for your server, a CNAME works too:

Type    Name    Value
A       app     Your server's IP address
CNAME   app     your-server.example.com

For apex domains (e.g. yourdomain.com)

Apex domains (no subdomain) require an A record — CNAME records are not allowed at the zone root by DNS standards:

Type    Name    Value
A       @       Your server's IP address

Wait for DNS propagation. This usually takes a few minutes, but can take up to 48 hours in rare cases.

Provider-specific steps

1. Log in to the Cloudflare dashboard
2. Select your domain
3. Go to DNS > Records
4. Click "Add record"
5. Type: A (or CNAME for subdomains)
6. Name: your subdomain (e.g. "app") or "@" for apex
7. IPv4 address: your server IP
8. Proxy status: DNS only (gray cloud) — disable the orange cloud
   (Temps handles TLS itself; the Cloudflare proxy would interfere)
9. Click Save

Add the domain in Temps

  1. Open your project in the dashboard
  2. Click Domains in the project sidebar
  3. Click Add Domain
  4. Enter your domain name (e.g. app.yourdomain.com)
  5. Select the environment this domain should route to (usually production)
  6. Choose the SSL challenge type (see below)
  7. Click Add

Temps verifies the domain ownership, provisions an SSL certificate, and starts routing traffic. The certificate renews automatically before it expires. You receive a notification 30 days before expiration as an extra safeguard.


Choose an SSL challenge type

Let's Encrypt needs to verify you control the domain before issuing a certificate. Temps supports two verification methods:

HTTP-01 (Default)

Let's Encrypt makes an HTTP request to your domain on port 80. Temps handles this automatically.

Requirements:

  • Port 80 must be open and reachable from the internet
  • The DNS record must point to your server

Use for: Standard domains like app.yourdomain.com

DNS-01

Let's Encrypt verifies a TXT record in your domain's DNS. Temps creates and removes this record automatically if you have a DNS provider configured.

Requirements:

  • A DNS provider connected in Settings > DNS Providers (Cloudflare, Route 53, DigitalOcean, Namecheap, Azure DNS, or Google Cloud DNS)

Use for: Wildcard domains (*.yourdomain.com) — HTTP-01 does not support wildcards. Also useful when port 80 is not reachable.


Verify DNS and certificate

After adding the DNS record, Temps automatically checks propagation across multiple public DNS resolvers (Google, Cloudflare, Quad9, and OpenDNS). The Domains page shows the current state (such as challenge_requested or active) along with certificate renewal and expiration dates.

You can also verify manually with dig:

# Check the A record
dig +short app.yourdomain.com A

# Check the CNAME record
dig +short app.yourdomain.com CNAME

# Check the TXT record (for DNS-01)
dig +short _acme-challenge.yourdomain.com TXT
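
The same A-record check run against each of the four public resolvers named above, as an added example that is not part of Temps or its documentation. The resolver addresses are the providers' well-known public IPs and 203.0.113.10 is a placeholder server IP; both are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Temps code): per-resolver propagation check.
# Assumption: these are the well-known public addresses of the four
# resolvers named above; which addresses Temps itself queries is not stated.
RESOLVERS="google=8.8.8.8 cloudflare=1.1.1.1 quad9=9.9.9.9 opendns=208.67.222.222"

# resolve NAME RESOLVER_IP -> raw `dig +short` answer for the A record.
# Kept as its own function so it can be replaced when testing offline.
resolve() {
  dig +short +time=3 +tries=1 "$1" A "@$2"
}

# classify EXPECTED_IP ANSWER -> prints ok | missing | mismatch
classify() {
  # dig +short lists CNAME targets before the addresses; keep IPv4 lines only.
  ips=$(printf '%s\n' "$2" | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u || true)
  if [ -z "$ips" ]; then
    echo missing        # not propagated to this resolver yet (or no A record)
  elif [ "$ips" = "$1" ]; then
    echo ok
  else
    echo mismatch       # stale or extra A record: HTTP-01 may reach another host
  fi
}

# check_propagation NAME EXPECTED_IP -> one line per resolver; returns 0 only if all ok
check_propagation() {
  rc=0
  for entry in $RESOLVERS; do
    label=${entry%%=*}
    addr=${entry#*=}
    state=$(classify "$2" "$(resolve "$1" "$addr")")
    printf '%-11s %-16s %s\n' "$label" "$addr" "$state"
    [ "$state" = ok ] || rc=1
  done
  return "$rc"
}

# Usage: ./check-propagation.sh app.yourdomain.com 203.0.113.10
if [ "$#" -eq 2 ]; then
  check_propagation "$1" "$2"
fi
```

A non-zero exit status means at least one resolver is still missing the record or returns a different address, so a certificate request made now may fail validation.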

Once DNS verification passes, Temps creates an ACME order with Let's Encrypt, the challenge is validated (HTTP-01 or DNS-01), and the certificate is stored securely (the private key is encrypted with AES-256-GCM). The proxy starts serving HTTPS immediately and the domain status changes to active.

Certificates are valid for 90 days and renew automatically — you do not need to take any action.


Set up a wildcard domain

A wildcard domain routes all subdomains to Temps, so each project or environment can get its own subdomain automatically (e.g. my-app.yourdomain.com, staging.yourdomain.com).

Step 1: Add a wildcard DNS record

*.yourdomain.com  →  A  →  YOUR_SERVER_IP

Step 2: Connect a DNS provider

Wildcard certificates require DNS-01 validation, which means Temps needs API access to your DNS provider.

  1. Go to Settings > DNS Providers
  2. Click Add DNS Provider
  3. Choose your provider and enter the API credentials:
    • Cloudflare — API token with Zone:DNS:Edit permission
    • Route 53 — AWS access key with Route 53 permissions
    • DigitalOcean — API token
    • Namecheap — API user and API key
    • Azure DNS — Service principal credentials
    • Google Cloud DNS — Service account key

Step 3: Add the wildcard domain

  1. Go to Domains in your project (or in global settings for the platform-wide preview domain)
  2. Add *.yourdomain.com
  3. Select DNS-01 as the challenge type
  4. Select your DNS provider
  5. Click Add

Temps creates the required TXT record, waits for verification, and issues a wildcard certificate. All subdomains under yourdomain.com are now covered.
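
A wildcard certificate name matches exactly one label, so *.yourdomain.com covers app.yourdomain.com but not the apex or a.b.yourdomain.com. The script below is an added example, not Temps code, and its function names are hypothetical; it checks whether the certificate actually served for a hostname covers that hostname.

```shell
#!/usr/bin/env bash
# Added example (not Temps code): does the served certificate cover a hostname?

# san_covers HOST SAN -> status 0 if certificate name SAN covers HOST.
# A wildcard stands for exactly one left-most label: *.yourdomain.com covers
# app.yourdomain.com, but not yourdomain.com and not a.b.yourdomain.com.
san_covers() {
  host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  san=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case $san in
    '*.'*)
      parent=${host#*.}                 # HOST without its first label
      [ "$parent" != "$host" ] && [ "$parent" = "${san#??}" ] ;;
    *)
      [ "$host" = "$san" ] ;;
  esac
}

# covering_san HOST "SAN SAN ..." -> prints the first SAN that covers HOST, else status 1
covering_san() {
  found=1
  set -f                                # SANs contain '*': keep the shell from globbing
  for name in $2; do
    if san_covers "$1" "$name"; then echo "$name"; found=0; break; fi
  done
  set +f
  return "$found"
}

# served_sans HOST -> DNS names in the certificate presented on HOST:443
# (needs network access and OpenSSL 1.1.1+ for `x509 -ext`)
served_sans() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Usage: ./check-cert.sh app.yourdomain.com
if [ "$#" -eq 1 ]; then
  if match=$(covering_san "$1" "$(served_sans "$1")"); then
    echo "$1 is covered by certificate name $match"
  else
    echo "$1 is NOT covered by the served certificate" >&2; exit 1
  fi
fi
```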


Multiple domains

You can route multiple domains to the same project. Add each one from the project's Domains page. Common patterns:

www and apex

Add both yourdomain.com and www.yourdomain.com. Both get separate TLS certificates and route to the same application. You can configure one as a redirect to the other using the Redirect to option when assigning the domain.

Different domains per environment

Environment   Domain
Production    app.yourdomain.com
Staging       staging.yourdomain.com
Preview       preview-branch.your-server.com (auto-assigned)

Troubleshooting

  • Certificate provisioning fails

    Check DNS propagation: Run dig app.yourdomain.com (or use an online DNS checker) and verify the A record points to your server's IP.

    Check port 80: For HTTP-01 challenges, port 80 must be open. Test with: curl -v http://app.yourdomain.com/.well-known/acme-challenge/test

    Check the TXT record: For DNS-01 challenges, the TXT record must match exactly — copy and paste it from the dashboard.

    Check firewall: Ensure your server's firewall allows inbound connections on ports 80 and 443.

    The domain detail view includes the Let's Encrypt rejection reason when provisioning fails.

  • Domain shows as pending

    Certificate provisioning usually completes in under a minute. If the domain stays in a pending state:

    • Verify the DNS record exists and has propagated
    • Check that no other service (nginx, Apache) is competing for port 80
    • Try removing and re-adding the domain
  • HTTPS works but shows the wrong app

    Verify the domain is assigned to the correct project and environment on the project's Domains page. If you recently moved the domain between projects, wait for the route table to update.

  • SSL certificate expired

    Temps renews certificates automatically. If a certificate expires:

    • Check that port 80 is still open (for HTTP-01)
    • Check that the DNS provider credentials are still valid (for DNS-01)
    • Temps sends a notification 30 days before expiration — check your notification channels
  • Mixed content warnings

    If your application loads resources over HTTP while the page is served over HTTPS, browsers will block or warn about mixed content. Ensure all internal URLs use https:// or protocol-relative paths (//).


What to explore next

  • Set up preview deployments
  • Manage environment variables
  • Domains & SSL concepts
