By default, we require wildcard domains to use Vercel nameservers to issue TLS certificates (and renew them automatically). This method allows you to delegate subdomains to Vercel and use the wildcard on that subdomain.
Please note: If you're trying to use the apex domain (e.g., *.example.com), you should not use this method. See: Why must we use the Domain Nameservers method for Wildcard Domains on Vercel? for more details.
Go to the Domains page and select the Apex domain. Then, click the Enable Vercel DNS button to activate the Vercel DNS.

If you can't change your apex domain's nameservers (e.g., your DNS provider doesn't allow it), you can create NS records on the _acme-challenge subdomain instead as a secondary option.
For example, if you add *.acme.com to your project domains, you can create the NS records listed below:
Record Type | Name | Value |
---|---|---|
|
|
|
|
|
|
Similarly, if you add *.foo.acme.com, you can add NS records for the _acme-challenge.foo subdomain.
This can be used to delegate the _acme-challenge subdomain to Vercel nameservers, and other subdomains continue to use the current DNS provider's name servers as before.
Important: Creating this record may prevent other hosting providers from issuing certificates for their service and should only be used if you cannot change your name servers.
Once the _acme-challenge record has been delegated, you need to point the wildcard traffic to Vercel.
To do this, you need to create a CNAME record for the wildcard (e.g., *.app.example.com) with the value cname.vercel-dns.com.
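The following is an added example, not code from Vercel: it checks a zone export from your current DNS provider against the records described above, including records that the delegation would hide from other providers. The nameserver values in EXPECTED_NS are placeholders (take the real ones from your Vercel dashboard), and the function names and sample records are constructed for illustration.

```python
VERCEL_CNAME = "cname.vercel-dns.com"  # wildcard CNAME target given on this page
# Placeholders: use the nameserver values shown in your Vercel dashboard.
EXPECTED_NS = {"ns-a.placeholder.invalid", "ns-b.placeholder.invalid"}

def _norm(name):
    return name.rstrip(".").lower()

def record_names(wildcard, zone):
    """Map '*.foo.acme.com' in zone 'acme.com' to (NS owner, CNAME owner)."""
    wildcard, zone = _norm(wildcard), _norm(zone)
    if not wildcard.startswith("*."):
        raise ValueError("not a wildcard domain: " + wildcard)
    base = wildcard[2:]
    if base != zone and not base.endswith("." + zone):
        raise ValueError(base + " is not inside zone " + zone)
    return "_acme-challenge." + base, wildcard

def check_delegation(wildcard, zone, records, expected_ns=EXPECTED_NS):
    """records: (owner, type, value) tuples exported from the current provider.
    Returns a list of problems; an empty list means the setup matches the page."""
    ns_owner, cname_owner = record_names(wildcard, zone)
    rows = [(_norm(o), t.upper(), _norm(v)) for o, t, v in records]
    problems = []
    ns_set = {v for o, t, v in rows if o == ns_owner and t == "NS"}
    expected = {_norm(n) for n in expected_ns}
    if not ns_set:
        problems.append("missing NS delegation at " + ns_owner)
    elif ns_set != expected:
        diff = sorted(ns_set ^ expected)
        problems.append("unexpected NS set at %s: %s" % (ns_owner, diff))
    # Once the name is delegated, other records left at or below it in the
    # parent zone are no longer served (e.g. another provider's challenge TXT).
    for o, t, v in rows:
        if t != "NS" and (o == ns_owner or o.endswith("." + ns_owner)):
            problems.append("%s record at %s is hidden by the delegation" % (t, o))
    targets = [v for o, t, v in rows if o == cname_owner and t == "CNAME"]
    if targets != [VERCEL_CNAME]:
        problems.append("wildcard CNAME at %s is %s" % (cname_owner, targets or "missing"))
    return problems

# Constructed sample zone export for *.foo.acme.com (not real data).
SAMPLE = [
    ("_acme-challenge.foo.acme.com.", "NS", "ns-a.placeholder.invalid."),
    ("_acme-challenge.foo.acme.com.", "NS", "ns-b.placeholder.invalid."),
    ("_acme-challenge.foo.acme.com.", "TXT", "constructed-token"),
    ("*.foo.acme.com.", "CNAME", "cname.vercel-dns.com."),
]

if __name__ == "__main__":
    for problem in check_delegation("*.foo.acme.com", "acme.com", SAMPLE):
        print(problem)
```

On the sample it reports only the leftover TXT record, which is the kind of conflict the "Important" note above refers to.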