Custom Domains
Every web service and static site on Render automatically gets a free onrender.com
address which does not change.
But you can also bring your own domains to Render easily. We handle TLS certificate creation and renewal, as well as automatic HTTP to HTTPS redirects for all your custom domains, including wildcard domains. Let’s learn how to set up your domains on Render!
Starting February 1, 2022, we will begin charging $0.60 per custom domain per month beyond the first 25 custom domains for a web service or static site. The first 25 custom domains for web services and static sites will continue to be free.Adding a Custom Domain
First, if you haven’t already, create a web service on Render. See Quickstarts in the navigation bar for sample applications.
Then go to the Settings tab for your service. You’ll see the Custom Domains section further down the page.
Click Add Custom Domain and enter your custom domain.
- If you add a domain containing
www
, we automatically add the version of your domain without thewww
and redirect it to thewww
version. - If you enter a root domain (also called an apex domain) without the
www
, we automatically add thewww
version and redirect it to the root domain.
You should now see the following message with instructions to update DNS settings with your DNS provider. See the next section for how to do this.
Adding a Wildcard Custom Domain
When you add a wildcard custom domain to Render, you have to add two CNAME
records to your DNS settings. The first CNAME
record for *
allows Render to respond to your wildcard domain, a second _acme-challenge
CNAME
record allows Render to manage Let’s Encrypt wildcard certificate issuance and renewal on your behalf, and a third _cf-custom-hostname
CNAME
record is required for Cloudflare to validate ownership. This is what it looks like for *.example.com
:
Important Note When Using Cloudflare With Wildcard Domains
All Render services come with Cloudflare’s DDoS protection. Due to technical limitations with the way Cloudflare manages wildcard records, there are certain conditions that will prevent you from using your own Cloudflare account for your site while it’s hosted on Render. If you are adding a wildcard domain (e.g. *.example.com
) to Render but not adding the base domain (e.g. example.com
), using Cloudflare with proxying enabled (orange cloud) will cause traffic for the base domain to be sent to the same Render origin as your wildcard domain. In order to prevent service disruptions, you must ensure that proxying for your base domain is disabled (gray cloud). If you have any questions, you can get in touch with us at support@render.com.
Configuring DNS to Point to Render
At this point, you’ll need to work with your DNS provider to add CNAME
, ANAME
, ALIAS
or A
records pointing to Render. We have instructions for common providers below:
Make sure to remove any existing AAAA
records for your domains when you update your DNS settings. AAAA
records map a domain to a corresponding IPv6 record, but Render does not support IPv6 addresses yet. As a result, AAAA
records can interfere with Render hosting your custom domains.
Once you’ve updated your DNS records, it can take a few minutes for your domains to be verified on Render. See Speed up Domain Verification below.
You’ll see the domain verification status in green once everything is good to go.
🎉 You’re all set! Your custom domains will start pointing to your Render service and we’ll continue to issue and renew TLS certificates for them as long as you’re using Render.
CAA Records
Render uses Let’s Encrypt and Google Trust Services to issue certificates for your custom domain. If you have any CAA records with your DNS provider, please ensure that Let’s Encrypt (letsencrypt.org
) and Google Trust Services (pki.goog
) are included. If you add a wildcard custom domain, ensure issuewild
records are correct. You may ignore this if you do not have any CAA records.
Example
example.com IN CAA 0 issue "letsencrypt.org"
example.com IN CAA 0 issuewild "letsencrypt.org"
example.com IN CAA 0 issue "pki.goog; cansignhttpexchanges=yes"
example.com IN CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"
Speed up Domain Verification
We recommend removing cached entries in public DNS servers after updating your DNS records. This is especially important if you’re updating nameservers for your domains. Clearing the cache will speed up DNS verification and TLS certificate issuance for your domains.
Use the links below to clear cached records in popular public DNS servers:
As always, if you run into any trouble, find us on Render Community or email us at support@render.com and we’ll be glad to help out.
Domains with Unicode Characters
If your custom domain contains special characters (Unicode), you’ll need to convert it to Punycode (just ASCII) to add it to Render. For example, ëxample.com
would become xn--xample-ova.com
. Services such as Punycoder can help with these conversions.