Unable to delete Vercel managed DNS records for domain hosted on Render

Help
1

Problem

I purchased a domain on Vercel, treeauth.com, for a project that I have deployed on Render. On Render, the domains are verified, but an SSL certificate is not being issued.

Current Behavior

After troubleshooting with both Render and Vercel support bots, it was concluded that the issue is caused by two Vercel-managed DNS records configured for my domain:

  • Name: *

  • Type: ALIAS

  • Value: cname.vercel-dns-017.com

    _______________________

  • Type: ALIAS

  • Value: cname.vercel-dns-017.com

Both the Render and Vercel bots suggested deleting these records to resolve the conflict. However, I cannot delete them because they are marked as Vercel managed in the dashboard.

2

The domain troubleshooting guide can help with most custom domain configuration issues. You might be able to use that guide to solve it before a human is available to help you. Then you can come back here and share the answer for bonus points.

You can also use v0 to narrow down the possibilities.

1 Like
6

When you purchase a domain through Vercel, it automatically creates ALIAS records pointing to cname.vercel-dns-*.com that cannot be deleted through the dashboard.

Could you add @ A or CNAME records for your root domain and www subdomain pointing to Render’s IPs? These will override the ALIAS records.

Let us know how you get on!

7

Hi Pauline,

I have already done this actually, I forgot to mention that in the original post.

The DNS Records configured are:

image
image690Ă—175 10.3 KB

Again, the Vercel bot and Render bot, having been given this information, both concluded that the issue is those two ALIAS records managed by Vercel. Please let me know how to proceed.

9

It all looks correct, because when you try to delete a record, this pops up:

Default DNS Records cannot be deleted. However, adding additional DNS Records will override the values of them.

So what you’ve done is right.

  • A record with value 216.24.57.1 - this is your Render IP
  • CNAME for www pointing to treeauth.onrender.com - this is correct for Render

Render can’t issue the SSL certificate. This is likely because of those CAA records from Vercel. Try adding:

  • Type: CAA
  • Name: @
  • Value: 0 issue ";" (this allows ANY certificate authority)

And waiting 5-10 minutes to see if Render issues a SSL certificate.

10

Hi Pauline,

I am met with the following when trying to add the DNS record you’ve suggested:

image
image1794Ă—362 20.2 KB

image
image1830Ă—382 19.4 KB

Is there something I am doing wrong and/or something else that I can do?

11

Hmm - can you try a few more things?

Remove the CAA record entirely

Instead of trying to override it, see if you can just leave the Name field completely blank or use a subdomain that doesn’t exist. This might prevent it from conflicting.

Or use specific CA values

Try adding CAA records with actual certificate authorities:

0 issue "letsencrypt.org"
0 issue "amazontrust.com"
0 issue "digicert.com"

Add each one as a separate CAA record.

Could you also share what the actual error is on Render?

Can you share the exact error message from your Render dashboard when it tries to issue the SSL certificate? That will tell us if CAA is really the problem or if it’s something else.

12

Hi Pauline,

When viewing the configuration on Render, I am met with this:

Screenshot 2026-02-12 125049
Screenshot 2026-02-12 125049686Ă—780 140 KB

This is as much as I am able to ascertain, Render does not appear to provide any specific information. I will also say that I receive the same screen when looking at the configuration for www.treeauth.com (except, of course, that it says www.treeauth.com on that one instead of just treeauth.com)

I went ahead and added those CAA records with actual certificate authorities like you suggested, except for 0 issue “letsencrypt.org” as Vercel automatically added that as a DNS record.

As of right now I am still getting the certificate error.

13

So this might be one you’ll have to go to Render’s community or support, because it seems like it’s on their side. However, can you try adding these CAA records in Vercel:

Record 1:

  • Type: CAA
  • Name: @
  • Value: 0 issue "letsencrypt.org"

Record 2:

  • Type: CAA
  • Name: @
  • Value: 0 issue "pki.goog; cansignhttpexchanges=yes"

Record 3 (if using wildcards):

  • Type: CAA
  • Name: @
  • Value: 0 issuewild "letsencrypt.org"

Record 4 (if using wildcards):

  • Type: CAA
  • Name: @
  • Value: 0 issuewild "pki.goog; cansignhttpexchanges=yes"

Then wait 10-15 minutes and retry the SSL verification in Render.

14

Hi Pauline,

I will contact Render support and come back to let you know if the issue is resolved.

1 Like
15

Hi Pauline,

The issue does appear to have been on Render’s end, but not what I would have expected. When configuring a custom domain on Render, it automatically will create a redirect for you. So, for example, if you designate www.whatever.com as your domain, it tells you “whatever.com will redirect to www.whatever.com” and vice versa. This issue literally only was happening because I wanted www.treeauth.com to redirect to treeauth.com. However, designating it such that treeauth.com redirects to www.treeauth.com was apparently the resolution. This ultimately is not what I wanted, but I would rather a working domain than no domain at all.

Cheers and thank you for your help!

16

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.