Custom Domains
Every web service and static site on Render automatically gets a free onrender.com address which does not change.
But you can also bring your own domains to Render easily. We handle TLS certificate creation and renewal, as well as automatic HTTP to HTTPS redirects for all your custom domains, including wildcard domains. Let’s learn how to set up your domains on Render!
Starting February 1, 2022, we will begin charging $0.60 per custom domain per month beyond the first 25 custom domains for a web service or static site. The first 25 custom domains for web services and static sites will continue to be free.Adding a Custom Domain
First, if you haven’t already, create a web service on Render. See Quickstarts in the navigation bar for sample applications.
Then go to the Settings tab for your service. You’ll see the Custom Domains section further down the page.
Click Add Custom Domain and enter your custom domain.
- If you add a domain containing
www, we automatically add the version of your domain without thewwwand redirect it to thewwwversion. - If you enter a root domain (also called an apex domain) without the
www, we automatically add thewwwversion and redirect it to the root domain.
You should now see the following message with instructions to update DNS settings with your DNS provider. See the next section for how to do this.
Adding a Wildcard Custom Domain
When you add a wildcard custom domain to Render, you have to add two CNAME records to your DNS settings. The first CNAME record for * allows Render to respond to your wildcard domain, a second _acme-challenge CNAME record allows Render to manage Let’s Encrypt wildcard certificate issuance and renewal on your behalf, and a third _cf-custom-hostname CNAME record is required for Cloudflare to validate ownership. This is what it looks like for *.example.com:
Important Note When Using Cloudflare With Wildcard Domains
All Render services come with Cloudflare’s DDoS protection. Due to technical limitations with the way Cloudflare manages wildcard records, there are certain conditions that will prevent you from using your own Cloudflare account for your site while it’s hosted on Render. If you are adding a wildcard domain (e.g. *.example.com) to Render but not adding the base domain (e.g. example.com), using Cloudflare with proxying enabled (orange cloud) will cause traffic for the base domain to be sent to the same Render origin as your wildcard domain. In order to prevent service disruptions, you must ensure that proxying for your base domain is disabled (gray cloud). If you have any questions, you can get in touch with us at support@render.com.
Configuring DNS to Point to Render
At this point, you’ll need to work with your DNS provider to add CNAME, ANAME, ALIAS or A records pointing to Render. We have instructions for common providers below:
Make sure to remove any existing AAAA records for your domains when you update your DNS settings. AAAA records map a domain to a corresponding IPv6 record, but Render does not support IPv6 addresses yet. As a result, AAAA records can interfere with Render hosting your custom domains.
Once you’ve updated your DNS records, it can take a few minutes for your domains to be verified on Render. See Speed up Domain Verification below.
You’ll see the domain verification status in green once everything is good to go.
🎉 You’re all set! Your custom domains will start pointing to your Render service and we’ll continue to issue and renew TLS certificates for them as long as you’re using Render.
CAA Records
Render uses Let’s Encrypt and Google Trust Services to issue certificates for your custom domain. If you have any CAA records with your DNS provider, please ensure that Let’s Encrypt (letsencrypt.org) and Google Trust Services (pki.goog) are included. If you add a wildcard custom domain, ensure issuewild records are correct. You may ignore this if you do not have any CAA records.
Example
example.com IN CAA 0 issue "letsencrypt.org"
example.com IN CAA 0 issuewild "letsencrypt.org"
example.com IN CAA 0 issue "pki.goog; cansignhttpexchanges=yes"
example.com IN CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"Speed up Domain Verification
We recommend removing cached entries in public DNS servers after updating your DNS records. This is especially important if you’re updating nameservers for your domains. Clearing the cache will speed up DNS verification and TLS certificate issuance for your domains.
Use the links below to clear cached records in popular public DNS servers:
As always, if you run into any trouble, find us on Render Community or email us at support@render.com and we’ll be glad to help out.
Domains with Unicode Characters
If your custom domain contains special characters (Unicode), you’ll need to convert it to Punycode (just ASCII) to add it to Render. For example, ëxample.com would become xn--xample-ova.com. Services such as Punycoder can help with these conversions.