By default, we require wildcard domains to use Vercel nameservers to issue TLS certificates (and renew them automatically).
See: Why must we use the Domain Nameservers method for Wildcard Domains on Vercel? for more details.
Workaround
Step 1 - Create NS records
If you can't change your apex domain's nameservers (e.g., your DNS provider doesn't allow it), you can create NS records on the _acme-challenge subdomain instead as a secondary option.
For example, if you add *.acme.com to your project domains, you can create the NS records listed below:
Record Type | Name | Value |
---|---|---|
|
|
|
|
|
|
Similarly, if you add *.foo.acme.com, you can add NS records for the _acme-challenge.foo subdomain.
This delegates only the _acme-challenge subdomain to Vercel nameservers; other subdomains continue to use the current DNS provider's nameservers as before.
Please note: Using this method may prevent other hosting providers from creating certificates for their service and should only be used if you cannot change your name servers.
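A check for the Step 1 delegation, added here as an illustration and not part of Vercel's documentation: it derives the _acme-challenge name for a wildcard domain and audits records exported from the current DNS provider, including leftover records that the delegation would hide. The function names, the sample records, and the nameserver hostnames in EXPECTED_NS are assumptions; use the values shown for your project.

```python
# Added example. EXPECTED_NS is an assumption: replace it with the nameserver
# values shown for your Vercel project.
EXPECTED_NS = frozenset({"ns1.vercel-dns.com", "ns2.vercel-dns.com"})


def _norm(name):
    return name.strip().lower().rstrip(".")


def challenge_name(wildcard):
    """Map '*.foo.acme.com' to '_acme-challenge.foo.acme.com'."""
    w = _norm(wildcard)
    if not w.startswith("*.") or "*" in w[2:] or not w[2:]:
        raise ValueError(f"not a wildcard domain: {wildcard!r}")
    return "_acme-challenge." + w[2:]


def audit_delegation(wildcard, records, expected_ns=EXPECTED_NS):
    """Return findings for (name, type, value) records from the current zone."""
    name = challenge_name(wildcard)
    here = [(t.upper(), _norm(v)) for n, t, v in records if _norm(n) == name]
    ns = {v for t, v in here if t == "NS"}
    findings = []
    if expected_ns - ns:
        findings.append(f"{name}: missing NS {sorted(expected_ns - ns)}")
    if ns - expected_ns:
        findings.append(f"{name}: unexpected NS {sorted(ns - expected_ns)}")
    # Once the name is delegated, resolvers follow the NS referral, so other
    # record types left at it (e.g. another provider's DNS-01 TXT token) are
    # no longer answered from this zone.
    shadowed = sorted({t for t, _ in here if t != "NS"})
    if ns and shadowed:
        findings.append(f"{name}: {shadowed} records are hidden by the delegation")
    return findings


# Constructed sample zone export; none of these records come from the page.
SAMPLE = [
    ("_acme-challenge.acme.com.", "NS", "ns1.vercel-dns.com."),
    ("_acme-challenge.acme.com", "TXT", "constructed-token"),
    ("www.acme.com", "CNAME", "cname.example.net"),
]

if __name__ == "__main__":
    for finding in audit_delegation("*.acme.com", SAMPLE):
        print(finding)
```

An empty result means the delegation name carries exactly the expected NS records and nothing else.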
Step 2 - Enable Vercel DNS
Go to the Domains page and select the apex domain. Then click the Enable Vercel DNS button to activate Vercel DNS.
![Enable Vercel DNS](/_next/image?url=https%3A%2F%2Fimages.ctfassets.net%2Fe5382hct74si%2F1eyhBdTxAbaGXaL0yymBGo%2Ffefd861f8e75f8e0e3da65bcef59ae54%2Fenable-vercel-dns.png&w=1920&q=75&dpl=dpl_E2GZsUUM4EyvuYCes3krYpYUWFdo)