Skip to content

Configuring DNS & TLS

Based off the root DNS zone set in EE Site Configuration (for instance,, set the following DNS A records to point at your instance's IP ( in this example):

A *


For TLS, your certificate should have as the Common Name (CN), and the following Subject Alternative Name (SAN's):

  • *

TLS Certificate Renewal

Having trouble updating your TLS cert in StackBlitz? Follow these instructions:

  1. SSH into your StackBlitz host VM

  2. Retrieve the existing StackBlitz application certificate and key via ​kubectl get secret -o jsonpath={.data} stackblitz-tls-secret

  3. Create a new yaml file on the host VM called new-kotsadm-tls.yaml based on the template below:

    apiVersion: v1
    kind: Secret
      annotations: stackblitz "true"
      labels: stackblitz velero
      name: kotsadm-tls
      namespace: default
      hostname: <your hosted zone>
      tls.crt: <tls.crt value from step 2>
      tls.key: <tls.key value from step 2>
  4. Replace the stringData.hostname field with your existing stackblitz hosted zone (ex: stackblitz.[COMPANY].com). This DNS name should already be configured properly for your instance.

  5. Replace the data.tls.crt and data.tls.key with the values you retrieved in step 2. Be sure to copy these values exactly as single lines without adding additional whitespace.

  6. Save new-kotsadm-tls.yaml

  7. Back up the existing self-signed cert via kubectl get secret -o yaml kotsadm-tls > old-kotsadm-tls.yaml.

  8. Delete the old self-signed certificate via kubectl delete secret kotsadm-tls.

  9. Apply the new cert via kubectl apply -f new-kotsadm-tls.yaml.

  10. Visit the dashboard by navigating to the hostname you entered in step 4 on port 8800 (ex: