Custom Domains for Dedicated Cloud Gateways
Konnect integrates domain name management and configuration with managed data planes.
Konnect configuration
- Open Gateway Manager, choose a control plane to open the Overview dashboard, then click Connect.
  The Connect menu will open and display the URL for the Public Edge DNS. Save this URL.
- Select Custom Domains from the side navigation, then New Custom Domain, and enter your domain name.
  Save the values that appear under CNAME and Content.
Domain registrar configuration
- Log in to your domain registrar’s dashboard.
- Navigate to the DNS settings section. This area might be labeled differently depending on your registrar.
- Locate the option to add a new CNAME record and create the following records using the values saved in the Konnect configuration section. For example, in AWS Route 53, it would look like this:
Host Name | Record Type | Routing Policy | Alias | Evaluate Target Health | Value | TTL |
---|---|---|---|---|---|---|
_acme-challenge.example.com | CNAME | Simple | No | No | _acme-challenge.9e454bcfec.acme.gateways.konghq.com | 300 |
example.com | CNAME | Simple | No | No | 9e454bcfec.gateways.konghq.com | 300 |
Note: DNS validation statuses for Dedicated Cloud Gateways are refreshed every 5 minutes.
Delete a custom domain
- In Konnect, open Gateway Manager, choose a control plane to open the Overview dashboard, then click Custom Domains.
- Click the action menu on the end of the row you want to delete and click Delete.
Custom domain attachment and CAA record troubleshooting
If your custom domain attachment fails, check if your domain has a Certificate Authority Authorization (CAA) record restricting certificate issuance. Dedicated Cloud Gateways uses a Google Cloud Public CA to provision SSL/TLS certificates. If your CAA record doesn’t include the required CA, certificate issuance will fail.
You can resolve this issue by doing the following:
- Check existing CAA records by running `dig CAA yourdomain.com +short`. If a CAA record exists but doesn’t allow GCP Public CA (`pki.goog`), update it.
- Update the CAA record, if needed. For example: `yourdomain.com. CAA 0 issue "pki.goog"`
- Wait for DNS propagation and retry attaching your domain.
If no CAA record exists, no changes are needed. For more information, see the Let’s Encrypt CAA Guide.
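
The CAA check above as a script, added here as an example (not Kong's own tooling). It goes beyond the single `dig` call by also checking parent domains, because a CA evaluates the closest ancestor that has CAA records (RFC 8659), so a record on `example.com` can block `api.example.com`. The function names `caa_allows_issuer` and `check_domain` are hypothetical, and only the non-wildcard `issue` property is evaluated.

```shell
#!/usr/bin/env bash
# Added example, not Kong tooling. Function names are hypothetical.

# caa_allows_issuer ISSUER
# Reads CAA records in `dig +short` form on stdin (e.g. 0 issue "pki.goog").
# Returns 0 if a non-wildcard certificate from ISSUER is permitted, 1 if not.
caa_allows_issuer() {
  local wanted="$1" flags tag value issuer seen_issue=0
  while read -r flags tag value; do
    [ -z "$tag" ] && continue
    # Tags are case-insensitive; only "issue" governs non-wildcard names.
    [ "$(printf '%s' "$tag" | tr 'A-Z' 'a-z')" = "issue" ] || continue
    seen_issue=1
    # Strip quotes, drop ";param=value" suffixes and whitespace, lowercase.
    issuer=$(printf '%s' "$value" | tr -d '"' | cut -d';' -f1 | tr -d ' \t' | tr 'A-Z' 'a-z')
    [ "$issuer" = "$wanted" ] && return 0
  done
  # A record set with no "issue" property does not restrict issuance.
  [ "$seen_issue" -eq 0 ]
}

# check_domain NAME [ISSUER]
# Climbs from NAME toward the root and evaluates the first CAA set found.
# Needs dig and live DNS. The grep drops CNAME targets that +short prints.
check_domain() {
  local name="${1%.}" wanted="${2:-pki.goog}" records
  while [ -n "$name" ]; do
    records=$(dig CAA "$name" +short | grep -E '^[0-9]+ [[:alnum:]]+ ' || true)
    if [ -n "$records" ]; then
      echo "CAA record set found at $name"
      if printf '%s\n' "$records" | caa_allows_issuer "$wanted"; then
        echo "OK: $wanted may issue"; return 0
      fi
      echo "BLOCKED: add  $name. CAA 0 issue \"$wanted\""; return 1
    fi
    case "$name" in *.*) name="${name#*.}" ;; *) name="" ;; esac
  done
  echo "OK: no CAA records found, issuance is unrestricted"
}
```

Source the file and run `check_domain yourdomain.com` before retrying the attachment; a `BLOCKED` result names the zone where the `pki.goog` record has to be added.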