Operations · 11 min read

Custom Domains, DNS & SSL: The Complete Guide

Everything you need to connect a custom domain to your website. How DNS actually works, the three connection methods, SSL via Let's Encrypt, subdomains, email setup, and common fixes.

Your custom domain is the single most important credibility signal your website has. A site at yourbusiness.com reads as a real business; the same site at yourbusiness.someplatform.com reads as a side project. The cost is roughly $10-20/year for the domain plus whatever hosting plan you're already paying for; the credibility gain is meaningful.

Setting up a custom domain involves three moving pieces that confuse people every time: a registrar, DNS, and SSL. This guide walks through each in plain English, covers the three ways to connect a domain to a website, and ends with the most common fixes for the issues you'll hit.

The three pieces in plain English

1. The registrar — where you bought the domain

A domain registrar is the company that sold you yourdomain.com. Common ones: GoDaddy, Namecheap, Porkbun, Cloudflare Registrar, Google Domains (now Squarespace Domains). The registrar collects ~$10-50/year and registers your domain with the global DNS system. You can move registrars freely; it doesn't affect anything else.

2. DNS — where the domain points

DNS (Domain Name System) is the phone book of the internet. When someone types yourdomain.com into a browser, DNS translates that to a server IP address. You control the DNS records for your domain via either (a) the registrar's DNS dashboard, (b) a third-party DNS service like Cloudflare, or (c) a website builder's nameservers if you've handed control over.

3. SSL — the HTTPS certificate

SSL (Secure Sockets Layer, technically TLS now) is the certificate that proves a website is who it claims to be and encrypts the connection between visitor and server. Required for HTTPS, which is required for browsers not to show 'Not Secure' warnings, which is required for SEO and trust. Modern website builders provision SSL automatically via Let's Encrypt (free, automated).

The three ways to connect a domain

Method 1: Nameservers (recommended for simplicity)

You change the nameservers at your registrar to point at the website builder. From that point on, the builder handles all DNS records — apex, www, MX (email), TXT (verification), everything. Easiest setup, fewest moving parts.

How: log into your registrar, find 'Nameservers,' replace with the builder's nameservers (typically two of them like ns1.builderhost.com and ns2.builderhost.com), save. Propagation takes 1-48 hours but typically completes in under 2 hours.

Trade-off: the website builder controls all DNS for your domain, including email. If you want email on a separate provider, you'll need to add MX records via the builder's DNS interface (most builders support this).

Method 2: A record + CNAME (recommended if you keep DNS elsewhere)

You keep DNS control at your registrar (or Cloudflare). You add an A record for the apex (yourdomain.com → builder's IP) and a CNAME record for www (www.yourdomain.com → builder's host).

How: log into your registrar's DNS dashboard, add an A record for @ (the apex) with the IP your builder provides; add a CNAME for www pointing at the builder's host. Save. Propagation typically completes in 5-30 minutes if your registrar has a low TTL.

Trade-off: you maintain DNS records yourself. If the builder ever changes its IPs or hostnames, you update. Slightly more operational overhead but you keep full DNS control.

Method 3: CNAME only (for subdomains)

If you want your website at shop.yourdomain.com (a subdomain) rather than the apex, just add a CNAME record: shop → builder's host. Easiest for adding subdomains alongside existing sites at the apex.

How: in your DNS dashboard, add a CNAME for whatever subdomain you want (shop, app, blog, learn) pointing at the builder's hostname. Apex stays untouched.

Step-by-step: connecting a domain to Website Killer

  1. Buy a domain from any registrar (Cloudflare Registrar is cheapest at-cost; Porkbun and Namecheap are also good; avoid GoDaddy's renewal pricing).
  2. In your Website Killer project, go to Settings → Domains. Click 'Add custom domain' and enter your domain (yourdomain.com).
  3. Website Killer shows you two options: 'Use nameservers' (Method 1) or 'Use DNS records' (Method 2).
  4. If you pick nameservers: copy the two nameservers Website Killer shows, log into your registrar, update the nameservers, save. Done.
  5. If you pick DNS records: copy the A record (apex) and CNAME (www), log into your DNS dashboard, add both records, save.
  6. Wait for propagation (typically 5-60 minutes). Website Killer checks every minute and auto-provisions SSL via Let's Encrypt as soon as DNS resolves.
  7. Confirmation: Website Killer shows the green 'Live' status; your site is accessible at https://yourdomain.com.

SSL: what it is and how Let's Encrypt works

SSL/TLS certificates prove that the site responding at yourdomain.com is actually yours, and they encrypt all traffic between your visitors and the server. Browsers require valid SSL for the URL bar's padlock; without it, you see 'Not Secure' warnings.

Until ~2015, SSL certs cost $30-300/year from commercial Certificate Authorities (CAs). Let's Encrypt changed that — they're a non-profit CA founded by the EFF that issues free, automated certificates. Modern website builders run Let's Encrypt under the hood: when you connect a domain, the builder requests a cert from Let's Encrypt, proves ownership (via DNS challenge or HTTP challenge), and installs the cert. Certs renew automatically every 90 days.

You don't pay for SSL anymore. Don't buy commercial SSL certs from your registrar — Let's Encrypt is the standard, free, automated, and trusted by every browser.

Subdomains: when to use them

Common subdomain patterns and when to use each:

  • www.yourdomain.com — historical convention, identical to apex in modern setups. Most builders auto-redirect www to apex or vice versa.
  • shop.yourdomain.com — Shopify store separated from the marketing site at apex. Standard DTC pattern.
  • app.yourdomain.com — the actual product/app, separate from the marketing site. Standard SaaS pattern.
  • blog.yourdomain.com — blog on a different platform. Less common in 2026; most builders include blogs at /blog on the main domain.
  • docs.yourdomain.com — documentation on a tool like Mintlify or GitBook.
  • status.yourdomain.com — status page on Statuspage or similar.
  • learn.yourdomain.com or academy.yourdomain.com — education / course content separated.

SEO note: subdomains and subdirectories rank as related-but-separate properties. Putting your blog at /blog on the main domain consolidates SEO authority better than putting it at blog.yourdomain.com.

Email setup with custom domains

Most website builders don't sell email hosting — they sell websites. To send and receive email at yourname@yourdomain.com, you set up a separate email provider:

  • Google Workspace (~$6/user/month) — the most common pick; includes Gmail, Drive, Calendar, Meet.
  • Microsoft 365 (~$6/user/month) — Outlook-flavored; required for many enterprise/government workflows.
  • Fastmail (~$3/user/month) — privacy-focused, minimal, fast.
  • ProtonMail (~$8/user/month) — end-to-end encrypted email, EU-jurisdiction.

Setup: pick a provider, add the MX records they give you to your DNS dashboard (or via the builder's DNS interface if you used nameservers), wait for propagation. Email and website are completely independent — your website hosting doesn't affect email or vice versa.

Common DNS issues and fixes

Issue: site shows 'Not Secure' in browser

Cause: SSL hasn't provisioned yet, or DNS hasn't fully propagated. Fix: wait 30-60 minutes after the initial setup; modern builders auto-provision SSL once DNS resolves. If still broken after 24 hours, check that your DNS records are correct.

Issue: domain redirects to the wrong site

Cause: DNS cache. Fix: clear your browser cache, try in incognito, or wait for the TTL on your DNS records to expire (typically 1-4 hours). Use dnschecker.org to verify what DNS is actually serving.

Issue: www.yourdomain.com works but yourdomain.com doesn't (or vice versa)

Cause: you set up the A record but not the CNAME, or vice versa. Fix: most builders need both — A record for the apex, CNAME for www. Add the missing one.

Issue: email broke after switching to nameservers

Cause: switching nameservers to the website builder wipes MX records. Fix: re-add MX records via the builder's DNS interface (every modern builder supports this). Or use Method 2 (A record + CNAME) instead so you keep DNS control with your existing email provider.

Issue: 'DNS_PROBE_FINISHED_NXDOMAIN' in browser

Cause: DNS hasn't propagated, or you typed the domain wrong. Fix: check dnschecker.org to see if DNS is propagating; wait if it isn't; double-check the domain spelling in your address bar.

Frequently asked questions

How long does it take a domain to start working?

Typically 5-60 minutes for DNS to propagate, plus another few minutes for SSL to provision. Worst case 24-48 hours if you have unusual TTLs or registrar delays.

Do I need to buy an SSL certificate?

No. Let's Encrypt issues free SSL certs that browsers trust as well as paid ones. Every modern website builder uses Let's Encrypt under the hood. Don't pay for SSL.

Should I use nameservers or A records?

Nameservers are simpler — let the builder handle all DNS. A records keep DNS control with you, which matters if you have existing email or third-party services on the domain. Use nameservers if you're starting fresh; use A records if you have existing infrastructure.

Where should I buy a domain in 2026?

Cloudflare Registrar (at-cost, usually $9-15/yr depending on TLD), Porkbun (similar pricing, friendlier UI), or Namecheap (slightly more, mature product). Avoid GoDaddy's renewal pricing — buy elsewhere and save 30-50% over the long term.

Can I move my domain to a different registrar later?

Yes. Domain transfers are well-supported; the process takes 5-7 days, requires an unlock code from your current registrar, and renews the domain by one year. No site downtime if you do it correctly.

What's the difference between a domain and hosting?

A domain is the address (yourdomain.com); hosting is the server that serves the site. They're separate purchases. The domain is registered with a registrar; the site is hosted by a website builder or hosting provider. The domain points at the hosting via DNS.

Can I have email at a different provider than my website?

Yes — almost always how it works. Email lives at Google Workspace / Microsoft 365 / Fastmail / etc., website lives at your builder. The two are independent. Your domain's DNS has separate records for each: MX records for email, A/CNAME for website.

What's a TTL and does it matter?

TTL (Time To Live) is how long DNS resolvers cache a record before re-checking. Default is usually 1 hour; some providers use 24 hours. Shorter TTL means changes propagate faster (useful during setup); longer TTL means lower load on DNS servers (better for stable production sites).

What's the difference between a subdomain and a subdirectory?

Subdomain: blog.yourdomain.com — a separate URL prefix. Subdirectory: yourdomain.com/blog — a path on the main domain. For SEO, subdirectories consolidate authority better; subdomains let you run different platforms on the same domain.

How do I check if my DNS records are correct?

Use dnschecker.org — enter your domain, pick the record type (A, CNAME, MX), and see what DNS resolvers worldwide are returning. The fastest debugging tool when something doesn't work as expected.

Keep reading

← Back to all guides

Try Website Killer — the AI website builder behind this guide.

Free forever plan. Custom domains, hosting, and AI generation all included on Pro at $14/month.

Start freeSee pricing