Domain ownership
Verify that the user controls a custom domain.
Ownership checks prove that the user controls a hostname. Appaloft should not mark a custom domain as ready until control is verified, and ownership failures should not be reported as deployment failures.
Ownership checks usually happen after creating or updating a custom domain binding. Add the DNS record Appaloft provides, then check again.
DNS instructions should include:
- Record type, such as
CNAME,A,AAAA, or TXT. - Host name, the record name to configure.
- Target value, such as proxy entrypoint or verification token.
- TTL or expected propagation window.
Copy the value Appaloft provides. Do not search logs for tokens or use secrets as DNS values.
Common states:
pending: required DNS records have not been observed.checking: Appaloft is checking DNS or proxy observations.verified: control of the hostname is confirmed.failed: records exist but values do not match, or resolution failed.
After DNS changes, pending can simply mean propagation has not completed.
Retry when:
- DNS records were just added or changed.
- The DNS provider shows the record as saved.
- Appaloft reported timeout or temporary resolution failure.
appaloft domain-binding retry-verification <domainBindingId> creates a new ownership verification attempt. It keeps earlier attempts as history and does not retry certificate issuance, revoke certificates, repair proxy routes, redeploy, or roll back deployments.
Fix before retrying when:
- Record type is wrong.
- Host name is wrong.
- Target value does not match.
- The domain still points at an old server or proxy.
Next step: TLS certificates.