DNS setup
DNS is the part of hosting where customers spend the most time stuck. This guide explains what's happening and what to check when propagation takes longer than expected.
What needs to happen
Your domain has to point at our IP address. That happens via an A record at your domain registrar. When someone types your domain into a browser, their resolver looks up the A record, finds our IP, and the request reaches our server.
You add the A record at your registrar (Cloudflare, Namecheap, GoDaddy, etc.). The provisioning page polls Cloudflare's 1.1.1.1 and Google's 8.8.8.8 resolvers and shows you what each currently sees.
Adding the A record
Log into your registrar's DNS panel. Add a new record with these fields:
- Type: A
- Name (or Host):
@(the literal at-sign represents the bare domain). Some registrars want you to type the full domain instead. - Value (or Points to, or Target): the IP address shown on your provisioning page. Use the copy button there to avoid typos.
- TTL: 300 seconds is good. Some registrars only allow a minimum of 1 hour or default to "Auto" — that's fine.
Add a second A record with name www pointing at the same IP if you want www.example.com to resolve too.
Save. The provisioning page should pick up the change within minutes.
What the resolver readout means
The status block on the provisioning page shows two lines:
1.1.1.1: ✓ matches 192.0.2.7
8.8.8.8: ✓ matches 192.0.2.7Both checkmarks: you're verified. The platform advances to SSL issuance.
One checkmark, one mismatch: one resolver still has the old record cached. Wait for the cached value to expire.
Both mismatched: either the record hasn't propagated yet, or the value is wrong (typo, wrong IP).
NXDOMAIN on either side: the record doesn't exist at all. Re-check the registrar.
Common problems
The IP is wrong
Most common cause of "DNS isn't propagating." One digit off and the record points at the wrong server. Use the copy button on the provisioning page rather than retyping.
The record type is wrong
Make sure it's an A record, not a CNAME or AAAA. CNAME for the bare domain isn't supported by every registrar (it violates the DNS spec) and AAAA is IPv6 (which we don't currently advertise).
The old TTL is too long
If your previous A record had a TTL of 86400 (24 hours), resolvers that already had the old value cached will keep returning it for up to that long. Lower the TTL to 300 BEFORE you switch hosts so the cache expires fast.
The domain isn't delegated
If you bought the domain at one registrar but pointed its nameservers at another DNS provider (Cloudflare is the common case), the A record has to be added at the DNS provider, not the original registrar. Check the NS records first: dig NS example.com shows where the lookups go.
Cloudflare proxy is on
If you're using Cloudflare as your DNS provider, the orange cloud (proxy) on your A record will intercept traffic before it reaches us. Toggle it to grey cloud (DNS only) for the verification step. You can re-enable proxy later if you want, but the initial SSL issuance needs the direct A record to resolve.
How long should I wait?
Most changes propagate within five minutes. After 30 minutes, the provisioning page reveals the troubleshooting checklist (see above). After 24 hours, a support contact appears.
If you're seeing the right A record on whatsmydns.net but the provisioning page disagrees, check the resolver readout: it shows the actual values both 1.1.1.1 and 8.8.8.8 see right now. Whatsmydns checks more locations but ours are authoritative for the platform's decision to move on.
The "Check again now" button
Forces an immediate resolver check, bypassing the normal poll cadence. Rate-limited to once every 15 seconds per site. If you click it and nothing changes, the problem is upstream of us (the resolvers haven't seen the new record yet); patience is the answer.