Configuring Cloudflare DNS

To configure Cloudflare for custom domains, we need to set up CNAME records for all the domains you want to point to your Render app. In this guide, we’ll configure Cloudflare for example.com and www.example.com.

Make sure to remove any existing AAAA records for your domains when you update your DNS settings. AAAA records map a domain to a corresponding IPv6 record, but Render does not support IPv6 addresses yet. As a result, AAAA records can interfere with Render hosting your custom domains.

1. Log into Cloudflare, and go to the SSL/TLS settings for your domain. Set SSL/TLS to Full.

   

   
   

2. Go to the DNS settings for your domain.

3. Add a CNAME record for example.com to point to your Render subdomain which looks like example.onrender.com.

   

   
   

   Make sure the proxy status is set to DNS only (gray cloud). This ensures your requests go to Render instead of Cloudflare so that we can verify the domain and issue a certificate.

4. Add another CNAME record for your www domain . Again, toggle the proxy status to DNS only (gray cloud).

   

   
   

   The final configuration should look something like this:

   

That’s it! DNS changes can take a few minutes to propagate, but once they do you should be all set.

The proxy status DNS only (gray cloud) is required until the certificates are issued and working. You can then enable Proxied (orange cloud).

Add a Wildcard Custom Domain Without Adding the Base Domain

If your custom domain setup meets all the following conditions, an additional configuration is required to host your application on Render while using Cloudflare.

1. You are adding a wildcard custom domain (e.g. *.example.com) to Render
2. You are not adding the corresponding base domain (e.g. example.com) to Render
3. You are using Cloudflare to manage your custom domains with proxying enabled (orange cloud) for the base domain.

Origin Override with a Cloudflare Worker

In order to direct wildcard traffic to Render and base domain traffic elsewhere, you can use a Cloudflare Worker to perform an origin override.

The following instructions assume that you have the custom domain example.com. You want your Render web service example.onrender.com to serve traffic for *.example.com and you want base-domain-origin.com to serve traffic for example.com

Add a DNS record pointing to base-domain-origin.com

Create a Worker

• Navigate to Workers -> Overview -> Create Service
• Name your service base-domain-override, select HTTP Handler, and click Create service

• Scroll down and click Quick Edit
• Add the following configuration. Replace example.com with your custom domain and make sure the base-domain-origin subdomain matches the DNS record you created in the first step.

addEventListener('fetch', event => {
 event.respondWith(handleRequest(event.request))
})

async function handleRequest(request) {
  return fetch(request, { cf: { resolveOverride: "base-domain-origin.example.com" } })
}

• Click Save and Deploy -> Navigate back to the Worker overview page -> Click Triggers -> Add Route
• Add a route matching your base domain and click Add Route

• Finally, add CNAME records for both your base domain and wildcard domain pointing to your onrender subdomain. Pointing your base domain to Render is required for an orange to orange setup. With this configuration, Cloudflare will send traffic to your zone first. The Worker that you just set up will match the route and trigger an origin override, so traffic for the base domain will not get sent to Render. If you do not do this, Cloudflare will send the traffic directly to Render’s zone and the Worker you set up wil have no effect.