The most surprising thing about Netlify custom domains and HTTPS is that Netlify’s automatic HTTPS doesn’t require you to manually configure anything on your DNS provider after you’ve pointed your domain to Netlify.
Let’s see it in action. Suppose you’ve just deployed a site to Netlify at my-awesome-site.netlify.app. You own the domain myawesomesite.com.
First, you add your custom domain in your Netlify site settings:
Netlify UI -> Site settings -> Domain management -> Custom domains -> Add custom domain
You type in myawesomesite.com and click "Verify". Netlify will tell you that myawesomesite.com is already in use. You confirm you want to add it.
Now, Netlify shows you the DNS records you need to set up at your domain registrar (like GoDaddy, Namecheap, Google Domains, etc.). For myawesomesite.com, this will typically be:
- An
Arecord for the apex domain (myawesomesite.com) pointing to Netlify’s load balancer IP address. - A
CNAMErecord for thewwwsubdomain (www.myawesomesite.com) pointing to your Netlify site’s subdomain (my-awesome-site.netlify.app).
You go to your DNS provider’s control panel and add these records. For example, in GoDaddy:
- Log in to GoDaddy.
- Go to "My Products" -> "Domains" -> select
myawesomesite.com. - Click "DNS" -> "Manage DNS".
- Under "Records", click "Add record".
- Type:
A - Name:
@(this represents the apex domain) - Value:
75.2.60.5(This is Netlify’s current load balancer IP. Always check Netlify’s docs for the most up-to-date IP, as it can change.) - TTL:
3600(1 hour)
- Type:
- Click "Add record" again.
- Type:
CNAME - Name:
www - Value:
my-awesome-site.netlify.app - TTL:
3600
- Type:
Once these DNS records are published and propagated (this can take anywhere from a few minutes to 48 hours, but is usually fast for CNAMEs), Netlify detects that your domain is pointing to them.
At this point, Netlify automatically provisions an SSL certificate for your domain using Let’s Encrypt. You don’t need to do anything else. Netlify’s system handles the ACME challenge and certificate renewal.
Your Netlify dashboard will show the status:
Netlify UI -> Site settings -> Domain management -> Custom domains
You’ll see myawesomesite.com and www.myawesomesite.com listed, with a green lock icon indicating that HTTPS is enabled.
The mental model is that Netlify acts as a reverse proxy and a DNS resolver for your custom domains. When you point your domain’s DNS records to Netlify, you’re essentially telling the internet to send all traffic for myawesomesite.com to Netlify’s servers. Netlify then receives that traffic, looks up which Netlify site it’s for, and serves the correct content. The HTTPS part is handled by Netlify’s infrastructure managing certificates for all domains pointed to it.
The key levers you control are:
- DNS Records: Precisely what you configure at your registrar to direct traffic to Netlify. This is the only manual DNS step for custom domains.
- Primary Domain: You can choose whether
myawesomesite.comorwww.myawesomesite.comis the "primary" domain. Netlify will automatically redirect traffic from non-primary to primary domains. This is set in the "Domain management" section. - Netlify Site Subdomain: This is your default
*.netlify.appaddress. While you don’t change it once created, it’s the target for yourCNAMErecord.
When you use Netlify’s DNS hosting instead of an external provider, you skip the manual A and CNAME record creation. You simply add your domain in Netlify, and Netlify automatically creates the necessary DNS records within its own DNS service. It’s a streamlined experience where Netlify manages both the DNS resolution and the certificate provisioning.
The most common confusion arises when people think they need to generate a Certificate Signing Request (CSR) or manually import certificates into Netlify, similar to traditional hosting. Netlify’s strength is abstracting this away. The A record IP address is critical; if it’s outdated, your site won’t resolve. Always verify it with Netlify’s current documentation.
After setting up your custom domain and verifying HTTPS, the next thing you’ll likely want to configure is Netlify’s branch deploys or split testing.