Labsco
openai logo

render-domains

✓ Official4,081

by openai · part of openai/plugins

Configures custom domains and TLS certificates on Render—DNS setup, CNAME records, apex domains, wildcard domains, and certificate troubleshooting. Use when the user needs to add a custom domain, configure DNS, set up HTTPS/TLS, troubleshoot certificate issuance, disable the onrender.com subdomain, or add a wildcard domain. Trigger terms: custom domain, DNS, CNAME, TLS, SSL, HTTPS, certificate, apex domain, wildcard domain, onrender.com, domain verification.

🧩 One of 7 skills in the openai/plugins package — works on its own, and pairs well with its siblings.

This is the playbook your agent receives when the skill activates — you don't need to read it to use the skill, but it's here to audit before installing.

Render Custom Domains

Render automatically provisions and renews TLS certificates (via Let's Encrypt and Google Trust Services) for all custom domains. All HTTP traffic is redirected to HTTPS. Custom domains work on web services and static sites only.

When to Use

  • Adding a custom domain to a web service or static site
  • Configuring DNS records (CNAME, A, or ALIAS) with a provider
  • Setting up a wildcard domain (*.example.com)
  • Troubleshooting certificate issuance or domain verification failures
  • Choosing between apex (example.com) and www (www.example.com)
  • Disabling the onrender.com subdomain after adding a custom domain

Domain Limits

Workspace tierCustom domain limit
Hobby2 custom domains (across all services)
Professional+Unlimited

Wildcard Domains

Wildcard domains (*.example.com) route all matching subdomains to one service.

Requires three CNAME records:

NameValuePurpose
*<service>.onrender.comRoutes traffic
_acme-challenge<service-id>.verify.renderdns.comLet's Encrypt validation
_cf-custom-hostname<service-id>.hostname.renderdns.comCloudflare DDoS validation

Cloudflare users: If you add *.example.com without adding the root domain to Render, disable proxying (gray cloud) for the root domain to avoid routing conflicts.

CAA Records

If your domain has CAA records, add entries for Render's certificate authorities:

example.com IN CAA 0 issue "letsencrypt.org"
example.com IN CAA 0 issuewild "letsencrypt.org"
example.com IN CAA 0 issue "pki.goog; cansignhttpexchanges=yes"
example.com IN CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"

Without these, TLS certificate issuance fails silently.

Disabling the onrender.com Subdomain

After adding at least one custom domain, you can disable the default onrender.com subdomain:

  1. Settings > Custom Domains > Render Subdomain > toggle to Disabled
  2. All requests to the onrender.com URL receive a 404
  3. Can be re-enabled at any time

References

DocumentContents
references/dns-configuration.mdProvider-specific DNS setup, apex domain options, TTL recommendations
  • render-web-services — Web service configuration, TLS, port binding
  • render-static-sites — Static site domains, CDN, headers
  • render-blueprintsdomains field in render.yaml