Custom Domains for Serverless Gateways
Konnect integrates domain name management and configuration with Serverless gateways.
Konnect configuration
-
Open Gateway Manager, choose a control plane to open the Overview dashboard, then click Connect.
The Connect menu will open and display the URL for the Public Edge DNS. Save this URL.
-
Select Custom Domains from the side navigation, then New Custom Domain, and enter your domain name.
Save the value that appears under CNAME.
Domain registrar configuration
- Log in to your domain registrar’s dashboard.
- Navigate to the DNS settings section. This area might be labeled differently depending on your registrar.
- Locate the option to add a new CNAME record and create the following record using the value saved in the Konnect configuration section. For example, in AWS Route 53, it would look like this:
Host Name | Record Type | Routing Policy | Alias | Evaluate Target Health | Value | TTL |
---|---|---|---|---|---|---|
my.example.com |
CNAME | Simple | No | No | 9e454bcfec.kongcloud.dev |
300 |
Note: Once a Serverless Gateway custom DNS record has been validated, it will not be refreshed or re-validated. Remove and re-add the custom domain in Konnect to force a re-validation.
Delete a custom domain
-
In Konnect, open Gateway Manager, choose a control plane to open the Overview dashboard, then click Custom Domains.
-
Click the action menu on the end of the row you want to delete and click Delete.
Custom domain attachment and CAA record troubleshooting
If your custom domain attachment fails, check if your domain has a Certificate Authority Authorization (CAA) record restricting certificate issuance. Serverless Gateways use Let’s Encrypt CA to provision SSL/TLS certificates. If your CAA record doesn’t include the required CA, certificate issuance will fail.
You can resolve this issue by doing the following:
- Check existing CAA records by running
dig CAA yourdomain.com +short
. If a CAA record exists but doesn’t allow Let’s Encrypt (letsencrypt.org
), update it. - Update the CAA record, if needed. For example:
yourdomain.com. CAA 0 issue "letsencrypt.org"
- Wait for DNS propagation and retry attaching your domain.
If no CAA record exists, no changes are needed. For more information, see the Let’s Encrypt CAA Guide.