Adding and configuring your domain correctly is a key step in going live with your WordPress site. To make your site accessible, you need to point your domain to Kinsta by adding the required DNS records.
DNS (Domain Name System) acts like a directory that maps your domain name (e.g., example.com) to the server where your site is hosted. Adding DNS records serves two main purposes:
Verification: Confirms that you own or control the domain
Pointing: Directs traffic from your domain to Kinsta
When you add a domain in MyKinsta, we provide the DNS records you need to correctly configure and connect your domain.
Your Domains list shows all domains that can be used to access your site. The primary domain is the main domain you want visitors to use.
Every custom domain you add is automatically secured with a free SSL certificate. Your temporary domain (e.g. sitename.kinsta.cloud) is covered by a wildcard SSL certificate for the kinsta.cloud domain. You can also choose to use your own custom SSL certificate if needed.
If you haven’t already, we also recommend reviewing our go-live checklist to make sure you have everything ready to make your site live.
Within your site’s Info page, you can view the Domains your site is using and if the SSL certificate is valid.
Domain information on your site’s Info page.
Add a domain
In MyKinsta, go to Sites > sitename > Domains, and click Add domain.
Add a new domain in MyKinsta.
Complete Add domain as follows:
Domain name: Enter your domain name.
Add www. subdomain: This option is enabled by default to ensure both the www and non-www versions of your domain are correctly configured with Kinsta’s Cloudflare integration. You can disable this if you don’t want to include the www version. However, we recommend configuring both versions in your DNS to ensure consistent accessibility and compatibility. Some browsers, systems, or integrations may default to one version over the other, and having both configured helps prevent unexpected issues. You can then choose your preferred version and redirect the other to it, providing a consistent experience for visitors.
Select Advanced settings to select the following:
Add domain with wildcard: This option allows you to include all subdomains of your domain (e.g., *.example.com) in a single configuration. Enabling this ensures that verification, DNS pointing, and SSL certificate issuance are automatically applied to all current and future subdomains, without needing to add them individually. This is especially useful if you use multiple or dynamic subdomains, as it saves time and reduces the risk of configuration issues.
Use my own SSL certificate with this domain: Kinsta provides a free SSL certificate for every domain by default. Select this option if you want to use a custom SSL certificate instead. When enabled, you can paste the contents of your .key and .cert files. If there are any errors with the certificate, you’ll need to resolve them before continuing, or you can disable this option and add your custom SSL certificate later.
When you add a domain, you need to add DNS records to verify the domain and point it to Kinsta. Select the type of setup from the following:
Quick setup: We recommend this option if your domain is new and not currently receiving traffic. If your site is already live, this method may cause downtime during the transition. With this option, you don’t need to add TXT or CNAME records to verify domain ownership. Only A records are required to point your domain. After updating your DNS records, your site may experience 1-3 minutes of downtime. However, this can be longer depending on your DNS TTL settings; for example, if your TTL is set to several hours (e.g., 24 hours), the changes may take that long to fully propagate.
Avoid downtime: We recommend this option if you’re migrating a live site that already receives traffic, as it avoids downtime during the transition. With this method, you first verify domain ownership by adding TXT and CNAME records. Once verified, you can update your DNS with the required A records to point your domain to Kinsta. Although this approach prevents downtime, it may take up to 1.5 hours for your site to go live. This can take longer depending on your DNS TTL settings, especially if they are set to several hours.
Click Add domain.
[caption id="attachment_209622" align="alignnone" width="1774"] Add a domain in MyKinsta.[/caption]
The next steps differ depending on whether you choose Quick setup or Avoid downtime.
Quick setup
[notice type="important"]If you select this option, your site may experience 1-3 minutes of downtime. However, this can be longer depending on your DNS TTL settings; for example, if your TTL is set to several hours (e.g., 24 hours), the changes may take that long to fully propagate.
When you select this option, Kinsta provides the A records you need to add to your DNS to point your domain. If you select Add www. subdomain, two A records will be shown. If you select Add domain with wildcard, you will also need to add TXT and CNAME records.
Your DNS provider is where your domain’s DNS records are managed. This is often your domain registrar (for example, GoDaddy), but it may also be a separate DNS provider (such as Cloudflare).
Refer to Kinsta’s DNS if you’re using this to manage your DNS records, or for more detailed information on updating DNS at some popular registrars and DNS managers, check out these articles:
Once you’ve added your DNS records, click OK, I’ve done it.
Add the A records to your DNS records to point your domain.
Once the DNS has propagated, you will receive an email to confirm this, and a check mark will show against the domain in MyKinsta.
A checkmark next to your domain in MyKinsta indicates it’s pointed correctly.
Once you’ve added your custom domain, you must ensure it is set up correctly as your site’s primary domain. We also recommend forcing your site to load over HTTPS for added security.
Avoid downtime
When you select this option, Kinsta first provides you with the CNAME and TXT records required to verify your domain. If you select Add www. subdomain, two CNAME and two TXT records will be shown.
Your DNS provider is where your domain’s DNS records are managed. This is often your domain registrar (for example, GoDaddy), but it may also be a separate DNS provider (such as Cloudflare).
Refer to Kinsta’s DNS if you’re using this to manage your DNS records, or for more detailed information on updating DNS at some popular registrars and DNS managers, check out these articles:
This TXT record allows your domain registrar to verify that you own the domain and are authorized to use their services for that domain. Once the domain is fully validated, you can remove this record from your DNS if necessary.
Name: _cf-custom-hostname
Value: Unique UUID value from MyKinsta (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
CNAME record
Kinsta uses this DNS entry to update the domain with the necessary tokens for your SSL certificate. As long as this record exists in your DNS, you won’t need to manually renew your SSL certificate; Kinsta manages it for you. We don’t recommend removing this DNS entry, as you will need to re-add it each time the SSL certificate requires renewal.
Name: _acme-challenge
Domain name: example.com.kinstavalidation.app
Add the TXT and CNAME records to your DNS records to verify your domain ownership.
After you’ve added the records, click Verify to confirm that the record exists in your DNS and matches the value provided by Kinsta. Alternatively, click OK, I’ve done it to close the verification window and allow the checks to run in the background.
Once DNS propagates (usually within a few minutes, but it may depend on the TTL set when adding the record), you’ll receive a notification email to let you know you can continue with pointing your domain.
After your domain has been successfully verified, click Point domain to start the domain pointing process.
Point your domain to Kinsta.
Kinsta provides the A records you need to add to your DNS to point your domain. Go to your domain registrar to add these records.
Once you’ve added your DNS records, click OK, I’ve done it.
Add the A records to your DNS records to point your domain.
Once the DNS has propagated, you will receive an email to confirm this, and a check mark will show against the domain in MyKinsta.
A checkmark next to your domain in MyKinsta indicates it’s pointed correctly.
Once you’ve added your custom domain, you must ensure it is set up correctly as your site’s primary domain. We also recommend forcing your site to load over HTTPS for added security.
Change your primary domain
Every site hosted on Kinsta is assigned a primary domain. The primary domain is the “main domain” of the site and is automatically assigned when a site is created. If you don’t add a custom domain during site creation, your site’s primary domain will be set to a kinsta.cloud domain.
If you’ve added a custom domain and you’re ready to make your site live, you’ll want to ensure it’s set up correctly as your site’s primary domain.
To view your site’s primary domain, navigate to Sites > sitename > Domains. In the screenshot below, our Kinsta Help Testing site is configured with kinstahelptesting.kinsta.cloud as the primary domain.
Kinsta temporary URL.
To update your primary domain, scroll down to the Domains list section, click on the dropdown menu next to a domain, and select Make primary domain.
Make a domain the primary domain in MyKinsta.
On the Make domain primary modal/pop-up, you have the option of choosing to run a search and replace. This search and replace will automatically update instances of your old domain to your new domain in your WordPress database. We recommend checking this option to prevent unexpected redirects caused by old URLs in your database. If you don’t perform the search and replace here, you can always do it manually with our search and replace tool later on.
Search and replace primary domain.
After clicking the Make primary button, it’ll take a few minutes to update the primary domain. Once it’s finished, you should see your new domain listed under Primary domain.
New primary domain in MyKinsta.
Force HTTPS (optional)
While technically optional, forcing your site to load over HTTPS is recommended. With our Cloudflare integration, once your domain is verified, a free SSL certificate (with wildcard support) is automatically added to your site. The only thing you’ll need to do is head over to your site in MyKinsta, then go to Tools and click on the Enable button under Force HTTPS.
Enable Force HTTPS in MyKinsta.
Linked DNS zone
If you’re using Kinsta’s DNS and you have linked a DNS zone to a site, the zone is shown here. You can click on the DNS zone to open the DNS records page. This does not add the required DNS records; it gives Site Administrators access to manage the DNS records for the site.
DNS zones that are linked to this site.
Add a subdomain pointing to multiple IP addresses
If you’re adding a subdomain that’s part of a wildcard DNS setup that has A records pointed to multiple IP addresses, you’ll need to take a few extra steps to point that subdomain to Kinsta. This isn’t a common setup, and the steps below are only applicable when a wildcard (catch-all) subdomain is pointed to multiple A records.
If your domain does not use wildcard A records pointed to multiple IP addresses, you don’t have to go through these additional steps when adding a domain to your site.
To set up a wildcard subdomain that’s pointed to Kinsta, an additional wildcard subdomain (*.example.com) is automatically added when you add a root/apex domain (domain.com) to a site in MyKinsta (unless you deselect the wildcard option under Advanced Options).
What is a multiple IP wildcard subdomain?
First, let’s define what it means for a wildcard subdomain to be pointed to multiple IP addresses. In most cases, a wildcard subdomain will have a single A record pointing to an IP address:
A record for *.example.com pointing to 192.0.2.1.
However, in some cases, a wildcard subdomain may point to multiple IP addresses. This kind of configuration is commonly used for DNS failover protection, round-robin setups, and more:
A record for *.example.com pointing to 192.0.2.1.
A record for *.example.com pointing to 192.0.2.2.
A record for *.example.com pointing to 192.0.2.3.
A record for *.example.com pointing to 192.0.2.4.
If you’re unsure whether your wildcard subdomain is pointing to multiple IP addresses, you can use a tool like WhatsMyDNS to check the A record(s) for the subdomain you want to point to Kinsta. In the screenshot below, you can see that the subdomain sub.happyavocados.com is pointing to multiple IP addresses.
Subdomain pointing to multiple IP addresses.
Next, you’ll need to check whether the DNS records pointing to multiple IP addresses are set up as static (e.g. sub.kinstaexample.com) or wildcard (*.kinstaexample.com) A records. If your DNS configuration looks similar to the one below (wildcard A records), you’ll need to proceed with the rest of this tutorial.
Wildcard subdomain pointing to multiple IP addresses.
Adding a multiple IP subdomain in MyKinsta
If we detect that your subdomain is configured with multiple A records, you’ll see a message like the one below after adding the subdomain in MyKinsta:
Warning in MyKinsta for subdomain pointing to multiple IP addresses.
1. Point subdomain to existing wildcard IPs
If the subdomain you’re adding to MyKinsta is already hosted elsewhere, you’ll need to create A records for that specific subdomain. These A records should point to the same IP addresses as your wildcard A records. If this is a new subdomain that isn’t currently hosted anywhere else, you can skip this step.
This step is only needed to keep the subdomain working and resolving properly at another host until it’s verified and can be pointed to Kinsta.
For example, if you’re trying to configure sub.kinstaexample.com and have the wildcard A records below:
A record for *.kinstaexample.com pointing to 192.0.2.1.
A record for *.kinstaexample.com pointing to 192.0.2.2.
A record for *.kinstaexample.com pointing to 192.0.2.3.
A record for *.kinstaexample.com pointing to 192.0.2.4.
You should add the four A records below to sub.kinstaexample.com at your DNS provider.
A record for sub.kinstaexample.com pointing to 192.0.2.1.
A record for sub.kinstaexample.com pointing to 192.0.2.2.
A record for sub.kinstaexample.com pointing to 192.0.2.3.
A record for sub.kinstaexample.com pointing to 192.0.2.4.
2. Verify subdomain
After you’ve added the A records, go to MyKinsta and click the Next button in the Verify Domain modal/pop-up.
Click Next in the Verify domain modal/pop-up in MyKinsta.
You’ll be prompted to add one or more TXT records to verify ownership of your subdomain. The TXT record is formatted like the following:
Type: TXT
Hostname: _cf-custom-hostname.your-subdomain
Value: Unique UUID string.
TXT records to verify your subdomain.
Next, add this TXT record to your subdomain at your DNS provider.
Add TXT verification record.
After you’ve added the DNS record(s), click Verify to confirm that the record exists in your DNS and matches the value provided by Kinsta, and then click Ok, I’ve done it. Alternatively, click OK, I’ve done it to close the verification window and allow the checks to run in the background.
3. Point subdomain to Kinsta
MyKinsta will start the verification process for your subdomain. Depending on your DNS provider, this process may take a while due to DNS propagation. Once the verification has finished, you’ll see a Point domain button in MyKinsta.
Point domain button in MyKinsta.
Click the Point domain button, and you’ll see your Site IP address. This is the IP address for your subdomain’s A record.
Site IP address to point your subdomain to in MyKinsta.
Next, go to your DNS provider and remove the A records for your subdomain that you added earlier.
Remove the A records for your subdomain that were added earlier.
Finally, add an A record for your subdomain pointing to your Kinsta Site IP address.
Add an A record for your subdomain pointing to Kinsta.
After setting up this A record and after DNS has propagated, you’ll see a check mark next to your subdomain in MyKinsta. This means the subdomain has been set up successfully.
Troubleshooting
Verification suspended
If your domain has been verifying for 7 days or more, the verification process is automatically suspended. We recommend checking that the correct DNS records are in place, then clicking Restart verification to try again.
Fix domain error
During the domain verification process, if a Fix domain error button appears next to the domain, this means a CAA record conflict is occurring.
A CAA record is an optional DNS record that lets you specify which certificate authorities (CAs) are allowed to issue SSL certificates for your domain. If a domain has no CAA records, any CA can generate an SSL certificate for it if requested. If a domain has a CAA record, only the CA(s) specified in the CA record can generate an SSL certificate for the domain.
To resolve this error, click the Fix domain error button, then visit your domain’s DNS provider to either add missing CAA records (marked as Pending) or, if you do not need a CAA record on your domain, remove existing records that are causing conflicts (marked as Detected).
Fix domain error showing conflicting CAA DNS records.
Troubleshoot Cloudflare domain pointing
If you have pointed your domain (allowing up to 24 hours for DNS to propagate) but you’re still seeing either of the following, there are a couple of places to check in your Cloudflare account:
a banner or warning that your site isn’t pointed to Kinsta and is subject to service interruption.
a status of “Confirming that you have pointed your domain to Kinsta.”
First, check the Page Rules in your Cloudflare account. If the root domain is redirected to the WWW domain or vice versa, the domain that is being redirected cannot be verified in MyKinsta. To resolve this issue, you’ll need to remove the redirect in Cloudflare Page Rules. This will allow the domain to be verified in MyKinsta. The redirect to the primary domain will now be handled at Kinsta.
Next, in your Security – Firewall rules, allow the user agent kinsta-bot and the IP addresses 35.194.36.163 and 34.135.149.39, so the firewall doesn’t block the bot that confirms your domain is verified and pointed to Kinsta.
Existing DNS zone record at Cloudflare
When adding and pointing a domain to your site in MyKinsta, under certain circumstances, you may see a warning that the domain has an existing zone record at Cloudflare, and continuing may cause your site to go offline.
Warning about existing DNS record at Cloudflare.
If you’re sure that you do not need to remove the existing zone record at Cloudflare, you can choose to continue without removing it. Select I confirm that I may experience problems using the domain, and click Continue.
If you do need to remove the existing zone record at Cloudflare, this is the message you can send to them, replacing YOURDOMAIN.com with your actual domain name.
Hi,
I am writing to you about the domain YOURDOMAIN.com.
My host, Kinsta, has detected an old, unused Cloudflare DNS zone for my domain. Would you please remove it from your system?
I confirm that I have access to DNS for the domain and am willing to add a TXT record to prove domain ownership. Please send the TXT record you would like me to use.
Thanks!
If you’re not sure whether or not you need to remove the existing zone record, contact our Support Team, and we will review your setup and let you know how to proceed.
Add a domain in MyKinsta.[/caption]
