Domains & SSL
Custom domains, SSL provisioning, and routing modes.
Last updated: 2026-03-17
Forgeon provisions SSL automatically and supports both default and custom domains.
Default domains
Each environment gets a default Forgeon domain, for example:
my-app-preview.forgeon.iomy-app-prod.forgeon.io
Custom domains (recommended flow)
- Add a domain in Project → Domains
- Point DNS to the Forgeon edge
- SSL will be issued automatically
DNS records by scenario
| Scenario | Record | Value target |
| --- | --- | --- |
| Root domain (example.com) | A or ALIAS/ANAME | Forgeon edge target from dashboard |
| Subdomain (app.example.com) | CNAME | Project domain target from dashboard |
| Verification (if requested) | TXT | Token shown in Domains panel |
Use exactly the values shown in your project domain settings to avoid mismatch across environments.
Routing modes
- Domain‑based (default)
- Path‑based (advanced)
SSL lifecycle (important)
- Certificate issuance starts after DNS validation succeeds.
- Renewals are automatic before expiration.
- If cert appears valid in file but browser still old, ensure reverse proxy reload has run.
Troubleshooting matrix
| Symptom | Most likely cause | Fix | | --- | --- | --- | | Domain not resolving | DNS not propagated or wrong record type | Recheck DNS record type and value | | SSL pending too long | Domain not yet verified to edge | Confirm verification record and wait propagation | | Browser shows wrong cert CN | Another proxy/server is serving 443 | Check active listener and reload correct nginx | | Works on default domain, fails on custom | Domain attached to wrong environment | Re-map domain to intended environment |
Smoke-check after every domain change
curl -I https://<domain>returns200(or expected301/302).- Certificate CN/SAN includes your domain.
- Expiry > 30 days.
- App content corresponds to the correct project/environment.