Connect a custom domain

You can connect custom domains (like example.com or myrealtimeapp.example.com) to a Firebase Hosting site.

Firebase Hosting provisions an SSL certificate for each of your domains and serves your content over a global CDN.

Generally, Firebase Hosting recommends no more than 20 subdomains on any one apex custom domain, due to SSL certificate minting limits.

Set up your domain for Hosting

Make sure that you've completed the "Get Started" wizard from your project's Firebase Hosting page so that you have a Firebase Hosting site in your Firebase project.

From your project's Hosting page, enter the wizard for connecting a custom domain:
- If you have only one Hosting site, click Connect domain.
- If you have more than one Hosting site, click View for the desired site, then click Connect domain.
Enter the custom domain that you'd like to connect to your Hosting site.
(Optional) Check the box to redirect all requests on the custom domain to a second specified domain.
Click Continue to initiate the validation process. Then, if requested, verify your domain ownership by following the instructions in the setup wizard.

These steps ensure that your domain hasn't already been linked with a Firebase project and that you own the specified domain.

Note: To map TXT records directly to your domain name, some domain providers require that you enter @ for the Host name. Refer to your domain provider's documentation for detailed instructions for adding TXT records.
To complete the custom domain setup, you can use the Quick Setup mode in most cases.

However, if you already have a site running on another hosting provider and need a zero-downtime migration, then select Advanced Setup from the setup mode dropdown list.
- Quick Setup — Point the DNS A records for your domain to Firebase Hosting.
- Advanced Setup — Follow the on-screen instructions either to update your domain's DNS TXT records or to upload a file to a specified location on your existing site. After verification is complete, you can safely point your DNS A records to Firebase Hosting.
Firebase provisions an SSL certificate within 24 hours after you point your DNS A records to Firebase Hosting.

Setup status descriptions for custom domains

Status	Description
Needs setup	You might need to change a configuration with you DNS records. In most cases, your DNS A records haven't propogated from your domain name provider to Firebase Hosting servers. Troubleshooting tip: If it's been more than 24 hours, check that you've pointed your records to Firebase Hosting. In rarer cases, especially if you're using the Advanced Setup flow, SSL challenges might be failing because: Your DNS records have A records or CNAME records that point to other hosting providers. Troubleshooting tip: Check that your A records point only to Firebase Hosting, and remove all CNAME records. Migration failed, and the token (DNS TXT records or uploaded file provided to your site) is now invalid. Troubleshooting tip: Click View for the domain, then provide the new token to your existing domain.
Pending	You correctly set up your custom domain, but Firebase Hosting hasn't provisioned an SSL certificate. Occasionally, the following issues can stall the minting of an SSL certificate for a custom domain: Your CAA records are too restrictive. Troubleshooting tip: Ensure that the certificate authority Let's Encrypt is allowed to create SSL certs for your domain. Your challenge code is invalid. If you're using the Advanced Setup flow and migration failed, your token (and its challenge code) are now invalid. Troubleshooting tip: Click View for the domain, then provide the new token to your existing domain. You requested certs for too many subdomains. Troubleshooting tip: Generally, Firebase Hosting recommends no more than 20 subdomains on an one apex custom domain, due to SSL certificate minting limits.
Connected	Your custom domain has the proper DNS records and has an SSL certificate. You can serve your site's content.

Status

Description

Needs setup

You might need to change a configuration with you DNS records.

In most cases, your DNS A records haven't propogated from your domain name provider to Firebase Hosting servers.
Troubleshooting tip: If it's been more than 24 hours, check that you've pointed your records to Firebase Hosting.
In rarer cases, especially if you're using the Advanced Setup flow, SSL challenges might be failing because:
- Your DNS records have A records or CNAME records that point to other hosting providers.
  Troubleshooting tip: Check that your A records point only to Firebase Hosting, and remove all CNAME records.
- Migration failed, and the token (DNS TXT records or uploaded file provided to your site) is now invalid.
  Troubleshooting tip: Click View for the domain, then provide the new token to your existing domain.

Pending

You correctly set up your custom domain, but Firebase Hosting hasn't provisioned an SSL certificate.

Occasionally, the following issues can stall the minting of an SSL certificate for a custom domain:

Your CAA records are too restrictive.
Troubleshooting tip: Ensure that the certificate authority Let's Encrypt is allowed to create SSL certs for your domain.
Your challenge code is invalid.
If you're using the Advanced Setup flow and migration failed, your token (and its challenge code) are now invalid. Troubleshooting tip: Click View for the domain, then provide the new token to your existing domain.
You requested certs for too many subdomains.
Troubleshooting tip: Generally, Firebase Hosting recommends no more than 20 subdomains on an one apex custom domain, due to SSL certificate minting limits.

Connected

Your custom domain has the proper DNS records and has an SSL certificate.
You can serve your site's content.

Wait for SSL certificate provisioning

After we verify domain ownership, we provision an SSL certificate for your domain and deploy it across our global CDN. This process can take several hours.

Your domain will be listed as one of the Subject Alternative Names in the FirebaseApp SSL certificate, which is publicly viewable. While the domain is provisioning, you might see an invalid certificate that does not include your domain name. This is a normal part of the process and will resolve after your domain's certificate is available.