Every web service and static site on Render automatically gets a free
onrender.com address which does not change.
But you can also bring your own domains to Render easily. We handle TLS certificate creation and renewal, as well as automatic HTTP to HTTPS redirects for all your custom domains, including wildcard domains. Let’s learn how to set up your domains on Render!Starting February 1, 2022, we will begin charging $0.60 per custom domain per month beyond the first 25 custom domains for a web service or static site. The first 25 custom domains for web services and static sites will continue to be free.
First, if you haven’t already, create a web service on Render. See Quickstarts in the navigation bar for sample applications.
Then go to the Settings tab for your service. You’ll see the Custom Domains section further down the page.
Click Add Custom Domain and enter your custom domain.
- If you add a domain containing
www, we automatically add the version of your domain without the
wwwand redirect it to the
- If you enter a root domain (also called an apex domain) without the
www, we automatically add the
wwwversion and redirect it to the root domain.
You should now see the following message with instructions to update DNS settings with your DNS provider. See the next section for how to do this.
When you add a wildcard custom domain to Render, you have to add two
CNAME records to your DNS settings. The first
CNAME record for
* allows Render to respond to your wildcard domain, a second
CNAME record allows Render to manage Let’s Encrypt wildcard certificate issuance and renewal on your behalf, and a third
CNAME record is required for Cloudflare to validate ownership. This is what it looks like for
All Render services come with Cloudflare’s DDoS protection. Due to technical limitations with the way Cloudflare manages wildcard records, there are certain conditions that will prevent you from using your own Cloudflare account for your site while it’s hosted on Render. If you are adding a wildcard domain (e.g.
*.example.com) to Render but not adding the base domain (e.g.
example.com), using Cloudflare with proxying enabled (orange cloud) will cause traffic for the base domain to be sent to the same Render origin as your wildcard domain. In order to prevent service disruptions, you must ensure that proxying for your base domain is disabled (gray cloud). If you have any questions, you can get in touch with us at email@example.com.
At this point, you’ll need to work with your DNS provider to add
A records pointing to Render. We have instructions for common providers below:
Make sure to remove any existing
AAAA records for your domains when you update your DNS settings.
AAAA records map a domain to a corresponding IPv6 record, but Render does not support IPv6 addresses yet. As a result,
AAAA records can interfere with Render hosting your custom domains.
Once you’ve updated your DNS records, it can take a few minutes for your domains to be verified on Render. See Speed up Domain Verification below.
You’ll see the domain verification status in green once everything is good to go.
🎉 You’re all set! Your custom domains will start pointing to your Render service and we’ll continue to issue and renew TLS certificates for them as long as you’re using Render.
Render uses Let’s Encrypt and Google Trust Services to issue certificates for your custom domain. If you have any CAA records with your DNS provider, please ensure that Let’s Encrypt (
letsencrypt.org) and Google Trust Services (
pki.goog) are included. If you add a wildcard custom domain, ensure
issuewild records are correct. You may ignore this if you do not have any CAA records.
example.com IN CAA 0 issue "letsencrypt.org" example.com IN CAA 0 issuewild "letsencrypt.org" example.com IN CAA 0 issue "pki.goog; cansignhttpexchanges=yes" example.com IN CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"
We recommend removing cached entries in public DNS servers after updating your DNS records. This is especially important if you’re updating nameservers for your domains. Clearing the cache will speed up DNS verification and TLS certificate issuance for your domains.
Use the links below to clear cached records in popular public DNS servers:
If your custom domain contains special characters (Unicode), you’ll need to convert it to Punycode (just ASCII) to add it to Render. For example,
ëxample.com would become
xn--xample-ova.com. Services such as Punycoder can help with these conversions.