Domains & SSL

import { Steps, Aside } from ‘@astrojs/starlight/components’;

Every Odoo instance deployed with Deploy Monkey can be accessed via a custom domain with automatic SSL encryption.

Default Access

When you first deploy an instance, it’s accessible via your server’s IP address:

http://YOUR_SERVER_IP:8069

Deploy Monkey’s Nginx reverse proxy also makes it available on port 80/443 if no domain is configured yet.

Adding a Custom Domain

1. Configure DNS — Add an A record pointing your domain to your server’s IP address.

   Type	Name	Value	TTL
   A	erp	YOUR_SERVER_IP	300

   This example creates erp.yourdomain.com. Use @ for the root domain.

2. Add domain in Deploy Monkey — Go to your instance → Settings → Domain, and enter your domain name.

3. Verify DNS — Deploy Monkey checks that the domain resolves to your server’s IP.

4. SSL certificate — Once DNS is verified, Deploy Monkey automatically requests a Let’s Encrypt SSL certificate.

5. Done — Your instance is now accessible at https://erp.yourdomain.com.

DNS propagation can take up to 48 hours, but typically completes within 5-15 minutes. Use a short TTL (300 seconds) when first setting up.

SSL Certificates

Automatic SSL (Let’s Encrypt)

Deploy Monkey uses Let’s Encrypt to issue free SSL certificates automatically. Certificates are:

• Issued within seconds of DNS verification
• Valid for 90 days
• Renewed automatically — a background job checks every 12 hours and renews certificates approaching expiry
• Trusted by all modern browsers

Auto-Renewal

SSL certificates are renewed automatically by Deploy Monkey’s backend — no user action is required.

How it works:

• A cron job runs every 12 hours and checks all SSL-enabled instances
• Certificates within the configured renewal window (default: 30 days before expiry) are renewed via certbot
• If the primary renewal path fails (e.g., cert-name mismatch), a fallback path handles it automatically
• Your instance’s Settings page shows “Auto-renews in ~X days” so you can see when the next renewal is expected

Notifications:

• You’ll receive a notification when a certificate is actually renewed
• If renewal fails, you’ll get an incident notification asking you to contact support
• Routine checks where the certificate isn’t due yet are silent — no notification spam

The renewal window is configurable by your platform administrator (Settings → Deploy Monkey → SSL). The default is 30 days, which means renewal happens approximately 60 days into the certificate's 90-day lifetime.

HTTPS Redirect

By default, Deploy Monkey configures Nginx to redirect all HTTP traffic to HTTPS. This ensures all connections are encrypted.

Troubleshooting

SSL Certificate Not Issuing

• Verify the A record points to the correct server IP
• Ensure ports 80 and 443 are open on the server firewall
• Check that no other service is using port 80 (needed for HTTP-01 challenge)
• Wait for DNS propagation if you just added the record

Domain Not Resolving

• Check your DNS provider for the correct A record
• Use dig yourdomain.com or nslookup yourdomain.com to verify resolution
• Ensure you’re not behind a proxy (like Cloudflare with proxying enabled) that changes the IP

Mixed Content Warnings

• Update any hardcoded http:// URLs in your Odoo configuration to https://
• Set the Odoo web.base.url system parameter to your HTTPS domain