Connect a Domain Name

Part three of our Launch Essentials guide covers connecting your domain to your Pantheon-hosted site.


In this lesson we'll connect a bare domain and www domain to Pantheon's Live environment.

The steps below will guide you through the process of migrating a site onto Pantheon for the first time. If you are migrating a site already on Pantheon, follow the steps for relaunching an existing Pantheon site.

Connect Domain

  1. Access the Live environment in your Pantheon Site Dashboard.
  2. Navigate to the Domains / HTTPS page.
  3. Select Connect Domain and enter the www domain (e.g., then click Connect Domain.
  4. Click Back to Domains/HTTPS.
  5. Select Connect Domain and enter the bare domain (e.g., then click Connect Domain.

Existing Sites

Avoid HTTPS Interruption

Sites that already have HTTPS working can pre-provision certificates and avoid HTTPS service interruption by verifying ownership of the domain.

To pre-provision HTTPS, CAA records must either:

  • Not exist for the domain and its parent domains, or
  • Authorize Let's Encrypt.


Skipping this step will result in service interruption for existing sites that require or expect HTTPS. If you skip this step, HTTPS will be available within an hour after DNS routes to Pantheon.

Once you begin this process, you have:

  • 7 days to complete the challenge response. After that, you must create a new challenge.
  • 30 days to adjust DNS values.
  1. Access the Live environment in your Pantheon Site Dashboard.

  2. Navigate to the Domains / HTTPS page.

  3. Select Details next to the bare domain.

  4. Click Download File.

  5. Serve the file from your existing live site. Drupal 7 users can use the Let's Encrypt Challenge module to easily serve the contents of the challenge file.


    The validation file to pre-provision HTTPS must be accessible over HTTP, not just HTTPS. A redirect from HTTP to HTTPS will work, but if a request over HTTP returns a 404, for example, the validation will fail.

    If you're unable to host the challenge file, consider using the Terminus ACME Plugin to generate DNS TXT records to validate domain ownership.

  6. Return to the Pantheon Site Dashboard and refresh the Domains / HTTPS page.

After verifying domain ownership, your domain's HTTPS certificate(s) will automatically begin generating and be deployed to Pantheon’s Global CDN within an hour.

When a certificate is ready you can switch DNS destinations from your existing site to your new Pantheon site without HTTPS interruption.

Maintenance Window

If you are unable to prove domain ownership (e.g. WP Engine blocks serving the required challenge file) you will not be able to pre-provision HTTPS to prevent service interruption. In these cases, we recommend completing the next section (Configure DNS) during a planned maintenance window lasting up to one hour. HTTPS will be available for the domain within an hour of pointing DNS to Pantheon.