In this lesson we'll connect a bare domain and
www domain to Pantheon's Live environment.
www.example.com) then click Connect Domain.
example.com) then click Connect Domain.
Sites that already have HTTPS working can pre-provision certificates and avoid HTTPS service interruption by verifying ownership of the domain.
To pre-provision HTTPS, CAA records must either:
Skipping this step will result in service interruption for existing sites that require or expect HTTPS. If you skip this step, HTTPS will be available within an hour after DNS routes to Pantheon.
Serve the file from your existing live site. Drupal 7 users can use the Lets Encrypt Challenge module to easily serve the contents of the challenge file.
The validation file to pre-provision HTTPS must be accessible over HTTP, not just HTTPS. A redirect from HTTP to HTTPS will work, but if a request over HTTP returns a 404, for example, the validation will fail.
We reccomend leaving the challenge file in place until the migration is complete. That way, if DNS is not updated within the 7 day window provided by Let's Encrypt, the certificate can be re-issued.
Return to the Pantheon Site Dashboard and refresh the Domains / HTTPS page.
After verifying domain ownership, your domain's HTTPS certificate(s) will automatically begin generating and be deployed to Pantheon’s Global CDN within an hour.
When a certificate is ready you can switch DNS destinations from your existing site to your new Pantheon site without HTTPS interruption.
Ready to launch like the pros? Before updating DNS, you can validate HTTPS configuration for the domain is ready on Pantheon by testing locally:
Add a line to your local hosts file with the IP address from the previous step followed by the domain name, for example:
This will tell your computer to look for ‘example.com’ at the new Pantheon address.
Make sure your site works with HTTPS by entering your domain with HTTPS in the browser (e.g.,
If you are unable to prove domain ownership (e.g. WP Engine blocks serving the required challenge file) you will not be able to pre-provision HTTPS to prevent service interruption. In these cases, we recommend completing the next section (Configure DNS) during a planned maintenance window lasting up to one hour. HTTPS will be available for the domain within an hour of pointing DNS to Pantheon.