Some of our services allow you to specify a custom domain for user-facing components such as Aiven for Kibana or Aiven for Grafana. This can be configured in the Overview tab for the service.

To make this work you will need to configure DNS records for the custom domain to allow Let's Encrypt to generate valid SSL certificates for the service.

Because Let's Encrypt needs to verify the service you must ensure the Allowed IP Addresses setting for your service is set to 0.0.0.0/0 otherwise the certificate will not be able to be issued. It is not possible to add the Let's Encrypt servers to an include-list because they do not publish the IP addresses used and are subject to change.

Purchase the desired domain

If you haven't already then you will need to purchase the domain from a Domain Name Registrar. Most of the configuration will take place in their control panel so be sure to check out their documentation if you get stuck.

Create a CNAME record

Log in to your Domain Name Registrar's website and create a new CNAME record to act as an alias for the Aiven service hostname.

This record is always required and should be set up to point a custom subdomain to the Aiven service. You can copy the service hostname from the Overview tab.

After you have done this for your custom subdomain you can check it is configured correctly with the following command:

$ dig +noall +answer <your-custom-subdomain> CNAME
kibana.example.com. 3600 IN CNAME <service-name>-<project-name>.aivencloud.com.

If there is no output from the above command then the CNAME is not configured correctly or you need to wait a bit longer for DNS propagation.

Optionally create a CAA record

This record is only required if you have an existing CAA record for a higher level domain. We use Let's Encrypt to issue SSL certificates for custom domains so if you have restricted this functionality with CAA records then you must also add a record for letsencrypt.org.

First check if there are any CAA records at one level above your desired custom subdomain. If there are no results then there there is nothing extra to configure.

$ dig +noall +answer <your-custom-domain> CAA

But if there are results and they do not contain letsencrypt.org then you will need to add that CAA record using your Domain Name Registrar's website.

$ dig +noall +answer <your-custom-domain> CAA
example.com. 3600 IN CAA 0 issue "godaddy.com"
example.com. 3600 IN CAA 0 issue "letsencrypt.org"
Did this answer your question?