Custom Domains

Learn how to add a custom domain.

Edit this page on GitHub | Report an issue with this doc

This section provides information on how to add a custom domain to the Pantheon platform.

Custom Domains

Pantheon provides the values for your DNS records that are assigned with your DNS service provider when adding a custom domain to your site:

DNS Recommendations

If you don't already own a domain name, register one with a third-party provider. Pantheon is not a domain registrar, but we've created documentation for several popular DNS managers:

DNS Host-Specific Instructions

Connect your custom domain on the Site Dashboard, and point DNS at Pantheon to trigger automated HTTPS provisioning.

A paid plan is required to connect custom domains to your site, up to the following limits:

	Custom Domain Limit (per site)	Free and Managed HTTPS
Basic	5	✔
Performance S	10	✔
Performance M	15	✔
Performance L	35	✔
Performance XL	70	✔
Elite	270	✔

For more details on connecting custom domains, see https://docs.pantheon.io/guides/domains/custom-domains

Note

Add all domains (example.com and www.example.com are different domains) you want to resolve to Pantheon within the Site Dashboard, for each respective environment, as described in Launch Essentials. Automatic resolution of domains and wildcards are not supported.

Note that each custom domain is counted regardless of the environment to which it's added.

Add a Custom Domain

Google Top Level Domains and HSTS

In September 2017, Google announced that is was planning to make HSTS preloading mandatory for the Top-Level Domains (TLDs) available exclusively through Google Registry. That means that, moving forward, some TLDs will automatically redirect to HTTPS, and will be unable to load insecure sites or site pages. When selecting a domain to use as a custom or vanity domain, it's important to note the 45 TLDs that are subject to mandatory HSTS preloading:

.gle .prod .docs .cal .soy .how .chrome .ads .mov .youtube .channel .nexus .goog
.boo .dad .drive .hangout .new .eat .app .moto .ing .meme .here .zip .guge .car
.foo .day .dev .play .gmail .fly .gbiz .rsvp .android .map .page .google .dclk
.search .prof .phd .esq .みんな .谷歌 .グーグル

When using one of the above domains as a vanity domain, keep in mind that every environment domain must have HTTPS provisioned or that environment's domain will be inaccessible. Because Pantheon doesn't provision HTTPS for vanity domains, this will need to be set up and managed using a custom certificate. You should also keep in mind that any Multidev environments created using a secure only TLD will need to have HTTPS provisioned before the site domain will work.

When using one of the above TLDs as a custom domain for your site, Pantheon will provision the necessary certificates if you are using Pantheon's automated Global CDN. If the site is using a custom certificate, then each custom domain needs to have the certificate provisioned by the 3rd-party used to manage HTTPS for the site.

Log in as an Admin, Team Member, or Privileged User.
Go to the Site Dashboard for the environment you want the domain to point to (usually Live), and then click the Domains / HTTPS tab.
Enter a domain and click Connect Domain:

If one (or more) domains have already been added, click Connect Domain:
Verify ownership by adding a new DNS TXT value or by uploading a file to a specific URL.
Select the method you prefer, and follow the instructions. Note that the values are randomized for security.
Click Verify Ownership to confirm, or to skip HTTPS provisioning for now, click Skip without HTTPS:

It might take 30 minutes or more for DNS records to propagate, depending on your DNS host and your domain's TTL values. If you encounter issues after 30 minutes, check some of the following:
- Ensure that there's no "parking page" or redirect configured in your DNS.
- The TXT record's Host value doesn't have a trailing ..
- That the DNS value has propagated.
  You'll automatically be taken to the domain's Details page where you will see both the current DNS records detected (the Detected Values), as well as the values to be added at your DNS host (Required Values):
If you instead see:
Waiting for HTTPS, DNS records will be provided when HTTPS provisioning completes.
Wait a minute, then refresh the page.
Add the values to your DNS management service. Refer to Introduction to Domain Name Services for more details.
- Note that if the Platform detects a CNAME record, the Status will show Remove this detected record on the line with the CNAME. Remove the CNAME from the DNS management service to avoid potential issues or interruptions.