How to Enable HTTPS Automatically on DigitalOcean App Platform
DigitalOcean App Platform automatically enables HTTPS for all apps using Let's Encrypt certificates with no manual setup. Add a custom domain via the dashboard, configure DNS (CNAME to your-app.ondigitalocean.app), and wait for propagation. HTTP redirects to HTTPS automatically once active.
Prerequisites
- DigitalOcean account with billing enabled
- Deployed app on App Platform
- Custom domain registered with DNS provider
- Access to DigitalOcean control panel
Step-by-Step Instructions
Log in to DigitalOcean Control Panel
Create or Select Your App
Deploy New App (If Needed)
main), source directory (default: /). Configure Service name (e.g., sample-nodejs), Run command (e.g., yarn start), Internal port (default: 8080). On Environment page, add variables (e.g., key: API_KEY, scope: RUN_AND_BUILD_TIME, type: SECRET); click Encrypt for secrets. Set Region (default: nyc), autoscaling (min instances: 2, max: 4, CPU: 70%). Click Next > Create Resources.Add Custom Domain
www.myapp.com or example.com), type: PRIMARY, zone: example.com. Click Add Domain. This triggers automatic HTTPS provisioning via Let's Encrypt.Configure DNS (DigitalOcean Nameservers)
ns1.digitalocean.com, ns2.digitalocean.com, ns3.digitalocean.com. Copy exact ondigitalocean.app alias from dashboard confirmation.Configure DNS (External Provider)
www pointing to your-app.ondigitalocean.app (TTL: 3600s). Use exact alias from dashboard. Save and wait for propagation (minutes to 48 hours).Verify HTTPS Activation
https://www.myapp.com: browser padlock appears, HTTP auto-redirects to HTTPS. Check logs in Insights > Logs.Optional: API Configuration
curl -X PUT \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
"https://api.digitalocean.com/v2/apps/{app-id}" \
-d '{"domains":[{"domain":"www.myapp.com","type":"PRIMARY","zone":"myapp.com"}]}'{app-id} (from doctl apps list).Common Issues & Troubleshooting
"Can't Establish a Secure Connection" or ERR_SSL_PROTOCOL_ERROR
DNS resolves but SSL not issued yet. Ping domain and app URL—IPs must match. Wait 5-30 min (up to 48h), recheck dashboard. Ensure no https:// in domain field.
Domain validation fails or "Invalid domain" error
Domain in use or malformed. Enter only domain/subdomain (e.g., sub.example.com). Verify ownership and try different subdomain.
HTTPS not active after DNS propagation
Check app logs for errors. Refresh dashboard Domains tab. Confirm CNAME points to exact ondigitalocean.app alias. Test default app URL works.
HTTP not redirecting to HTTPS
App Platform auto-upgrades HTTP to HTTPS once cert provisioned. Verify domain healthy in dashboard. Clear browser cache.
Custom domain resolves wrong IP
Incorrect DNS record. Update CNAME to match dashboard alias. Wait propagation or flush DNS (dig or online tools to verify).