Configuring Cloudflare DNS

This guide assumes you've added your domains to the corresponding Render service. If you haven't done this yet, follow the steps to add custom domains to your service.

To configure Cloudflare for custom domains, we need to set up CNAME records for all the domains you want to point to your Render app. In this guide, we’ll configure Cloudflare for and

Make sure to remove any existing AAAA records for your domains when you update your DNS settings. AAAA records map a domain to a corresponding IPv6 record, but Render does not support IPv6 addresses yet. As a result, AAAA records can interfere with Render hosting your custom domains.

  1. Log into Cloudflare, and go to the SSL/TLS settings for your domain. Set SSL/TLS to Full.

    Cloudflare SSL/TLS settings

  2. Go to the DNS settings for your domain.

  3. Add a CNAME record for to point to your Render subdomain which looks like

    Cloudflare Root CNAME Addition

    Make sure the proxy status is set to DNS only (gray cloud). This ensures your requests go to Render instead of Cloudflare so that we can verify the domain and issue a certificate.

  4. Add another CNAME record for your www domain . Again, toggle the proxy status to DNS only (gray cloud).

    Cloudflare www CNAME Addition

    The final configuration should look something like this:

    Cloudflare DNS records with two CNAME records

That’s it! DNS changes can take a few minutes to propagate, but once they do you should be all set.

The proxy status DNS only (gray cloud) is required until the certificates are issued and working. You can then enable Proxied (orange cloud).

Add a Wildcard Custom Domain Without Adding the Base Domain

If your custom domain setup meets all the following conditions, an additional configuration is required to host your application on Render while using Cloudflare.

  1. You are adding a wildcard custom domain (e.g. * to Render
  2. You are not adding the corresponding base domain (e.g. to Render
  3. You are using Cloudflare to manage your custom domains with proxying enabled (orange cloud) for the base domain.

Origin Override with a Cloudflare Worker

In order to direct wildcard traffic to Render and base domain traffic elsewhere, you can use a Cloudflare Worker to perform an origin override.

The following instructions assume that you have the custom domain You want your Render web service to serve traffic for * and you want to serve traffic for

Add a DNS record pointing to

Cloudflare Base Domain DNS Record

Create a Worker

  • Navigate to Workers -> Overview -> Create Service
  • Name your service base-domain-override, select HTTP Handler, and click Create service

Cloudflare Create a Service

  • Scroll down and click Quick Edit
  • Add the following configuration. Replace with your custom domain and make sure the base-domain-origin subdomain matches the DNS record you created in the first step.
addEventListener('fetch', event => {

async function handleRequest(request) {
  return fetch(request, { cf: { resolveOverride: "" } })

Cloudflare Worker Configuration

  • Click Save and Deploy -> Navigate back to the Worker overview page -> Click Triggers -> Add Route
  • Add a route matching your base domain and click Add Route

Cloudflare Triggers

  • Finally, add CNAME records for both your base domain and wildcard domain pointing to your onrender subdomain. Pointing your base domain to Render is required for an orange to orange setup. With this configuration, Cloudflare will send traffic to your zone first. The Worker that you just set up will match the route and trigger an origin override, so traffic for the base domain will not get sent to Render. If you do not do this, Cloudflare will send the traffic directly to Render’s zone and the Worker you set up wil have no effect.

Cloudflare DNS Records

Your wildcard traffic should now be directed to Render and your base domain traffic directed to the origin you specified. If you have any questions, you can get in touch with us at