Custom Domain

---

Every Files.com site receives a unique custom subdomain that looks like <your-subdomain>.files.com. This ensures that your custom branding (including logo and colors) is visible for the entire Files.com experience, including logging in and accessing public pages like inboxes and share links.

You can take your site customization a step further - removing all traces of Files.com branding - by setting up a completely custom domain. Something like files.your-company.com.

Besides branding, there are many excellent reasons that you might want to use a custom domain. Some corporate firewalls block sites they consider to be file sharing sites, and sometimes IT administrators decide that includes Files.com. Using a custom domain on your site will usually work around these restrictions. Similarly, some customers report better access in China when using a custom domain for a similar reason.

Using a custom domain also automatically provisions dedicated IP addresses for your site, which some customers require. Using a custom domain is required in order to enable insecure ciphers for SFTP only.

If you choose to add a custom domain for your site, your original subdomain can still be used to access your site.

The custom subdomain for your site is a unique subdomain of the files.com domain, in the form of <your-subdomain>.files.com. The custom subdomain does not require nor permit you to manage the associated SSL certificates for that address. You can change your site's custom subdomain at any time by changing your site settings. Every site has a custom subdomain.

A custom domain is an address that you define on your own domain and then provide to Files.com. You can either allow Files.com to manage the SSL certificates for the custom domain or provide your own certificate. The use of a custom domain is optional, but it is required for other advanced customization features, such as allowing insecure ciphers for SFTP only.

A fully-configured custom domain requires a CNAME DNS record, which you are responsible for creating, and an SSL certificate, which may either be provisioned by Files.com or provided by you.

There are 3 major pieces that must be set up to correctly configure a custom domain for your Files.com site.

Once you have decided upon the address you will use for your custom domain, you will need to set up a DNS CNAME record for your custom address.

You must also configure an SSL certificate for the custom domain, either using a Files.com-provided certificate - which is strongly recommended - or providing your own custom certificate. Allowing Files.com to manage your SSL certificate avoids the hassle of obtaining your certificate or keeping it up-to-date.

You will also need to update the site-wide setting for Custom Domain in your Files.com site. To locate the Custom Domain settings, type "Custom domain" in the search box at the top of every screen and click on the matching result.

Files.com can provide and manage the SSL Certificate for your site. We also allow you to obtain and manage your own SSL Certificate from any other provider.

If you choose to use a Files.com-provided certificate, Files.com will automatically maintain, secure, and renew the SSL certificate for this domain. This is the default, and is strongly recommended.

If you choose to manage your own SSL certificate, Files.com will disable its CAA records, allowing you to register your own SSL certificate through any provider.

Files.com provides SSL certificates for custom domains free-of-charge. Renewals are handled automatically, and no further action is required on your part to keep the certificate active once set up. We use a popular Certificate Authority called Let's Encrypt, to create certificates that are valid for 90 days, and our system automatically begins the renewal process two weeks before the expiration date.

To set up your custom domain to use an SSL certificate provided by Files.com, create your CNAME record pointing your custom domain to your Files.com subdomain (e.g. your-subdomain.files.com).

Once you have created the CNAME record, you can complete the setup of your custom domain by adding your custom domain in Files.com.

Certificate provisioning in Files.com is very fast. We are generally able to provision and activate a certificate in 10-15 minutes after the DNS change has propagated and the domain has been added to Files.com according to our instructions.

If you prefer to use your own SSL certificate rather than one provided by Files.com, you will first need to upload and activate your SSL certificate. Navigate to the SSL page by typing "SSL Certificate" in the search bar at the top of every screen, then click the matching result.

If you have already obtained your SSL certificate, upload it and activate it. You will need to provide the certificate's private key (and key password if the key is encrypted), the certificate itself, and the intermediate certificates from your certificate authority.

If you haven't yet obtained a certificate, you can use the Generate CSR link to generate a new secure key pair and certificate signing request (CSR) which you can provide to any accredited SSL Certificate authority when purchasing an SSL certificate.

Some SSL vendors request the web server type as part of the certificate generation process. Files.com requires a certificate in OpenSSL format, which can usually be obtained by choosing the option for Apache, Linux, or Other.

For security purposes, we strongly recommend generating a new certificate that is used only by Files.com and is scoped to the exact subdomain used by Files.com (such as files.your-domain.com).

After uploading your SSL certificate, click the Activate button to activate it. Once your SSL certificate is active, the CNAME record value to use will be displayed under DNS Configuration.

Once you have created the CNAME record, you can complete the setup of your custom domain by adding your custom domain in Files.com.

If you set up your custom domain using your own SSL certificate, and later wish to switch to using a certificate provided by Files.com, you can easily do so by deactivating your SSL certificate. Navigate to the SSL page by typing "SSL Certificate" in the search bar at the top of every screen, then click the matching result. Deactivate your SSL certificate, then update your CNAME record according to the instructions for using an SSL certificate provided by Files.com.

When using your own SSL Certificate, you are responsible for managing the renewal of the certificate. You should plan to renew any expiring SSL Certificate prior to its expiration date and time. This applies to all certificate types, including Single Domain, Wildcard, or Multi Domain (SAN/UCC/MDC) certificates. Please contact your SSL Certificate Provider if you have any questions about the process.

Files.com can assist in creating the Certificate Signing Request (CSR) for the renewal. Access the SSL Certificate page and use the Renew button for the required certificate to generates your Certificate Signing Request (CSR).

Once your SSL Certificate Provider has provided you with your renewed SSL Certificate, import the certificate (and its intermediate certificates) on the SSL Certificate page.

Applying and activating a renewed SSL Certificate will not change your custom domain or its dedicated IP addresses.

If you have already configured your own SSL certificate with your custom domain, it is possible to change your settings to use a certificate provided by Files.com instead. The full procedure requires changes to your DNS configuration, so you should allow plenty of time for changes to propagate. You will also need to schedule a live meeting with Customer Support to coordinate the final switchover.

Files.com makes the process of setting up a custom domain easy. You will need both administrator access to your Files.com site, as well as access to your account with the DNS provider for your domain (e.g. GoDaddy, NameCheap, Route 53, etc.)

You can use any subdomain of any domain that you control as your custom domain. We recommend not using "ftp" as the first part of your domain (such as ftp.<your-domain>), since this will cause some browsers to improperly access the Files.com web interface. Instead, we suggest using something like files.<your-domain>. For instance, if you control the example.com domain, your might use the custom name files.example.com.

Once you have chosen your custom domain, the next step is to set up a CNAME DNS record with your DNS provider. The CNAME value will depend on whether you want your custom domain to use an SSL certificate provided by Files.com(recommended), or use your own SSL certificate.

If you plan to use SSL provided by Files.com, your CNAME record must point at your subdomain address. If you are using your own custom SSL certificate your CNAME will point to an address that contains your subdomain name in the form s-[subdomain].di.app.files.com.

Once your CNAME record is configured, you can complete the setup of your Custom Domain. Provide the full domain name of your CNAME record (such as files.example.com) in your site's Custom domain setting. To locate the setting, type "Custom domain" in the search box at the top of every page and select the matching result.

By default, the SSL certificate your Custom Domain will be managed by Files.com. If you prefer to manage your own SSL certificate, choose that option under the Advanced settings for the custom domain.

You can choose whether to enable HTTP Strict Transport Security (HSTS) on your domain. Use of HSTS is a recommended best practice.

Custom domain and SSL certificate changes typically take effect within minutes, though in rare cases these may take up to 48 hours. While the changes are propagating, your users can continue to access your site at your custom subdomain in the meantime without interruption.

HTTP Strict Transport Security (HSTS) is a policy mechanism that allows web servers to declare that web browsers should automatically interact with it using only HTTPS connections. Use of HSTS is a recommended best practice.

We enable HSTS on all Custom Subdomains by default, and we optionally allow our customers to enable HSTS on Custom Domains as well.

It is possible to change an existing custom domain to a different one with minimal downtime, however there will always be a small period (about 5 to 15 minutes) of downtime.

This downtime is due to 2 things: (1) registering your SSL certificate (if we are registering it) and (2) a time delay where some of our edge servers will serve your old domain's certificate and others will serve your new domain's certificate.

We recommend you plan the switch for a time period where your site has minimal usage, such as a night or weekend.

To minimize downtime, you can do some preparation work before the switchover. If your new domain is already pointed to a location via DNS, update the Time To Live (TTL) values on the existing DNS to a low value, such as 60 seconds. This will tell DNS servers across the internet to prepare for a change in the destination of this domain. This step needs to be performed ahead of time, ideally 2-3 days ahead of time, to allow the maximum impact.

If you will be providing your own SSL certificate, upload your new certificate prior to changing the custom domain. (If you will be using a certificate provided by Files.com, you may skip this step. We will generate the new certificate automatically when you change the custom domain.) This step may also be performed in advance of the move.

When ready to switch, create DNS records for the new domain at your DNS provider. They will be the same as your existing custom domain DNS records. Then immediately change the domain setting in Files.com, and wait for the changes to take effect.

On the following day after your switchover, you may update the Time To Live (TTL) values on your domain's DNS records to a higher value, such as 300. We strongly recommend leaving the TTL value at 60 seconds because the performance increase provided by large TTL values is negligible compared to being able to respond quickly to changes.

If you are using dedicated IP addresses, you'll need to update your DNS entries within 5 days of removing the old setting to keep the same dedicated IP addresses. If the DNS entries for your new custom domain are not set up properly within that 5-day period, your dedicated IPs will be released to be used by other customers.

Changing your custom domain does not affect your globally unique usernames configuration.

These types of two-factor authentication are tied specifically to the login domain of your site. If you change your site's custom domain settings, every user with this type of 2FA enabled will need to remove their existing 2FA settings and re-configure them. This is baked into the U2F / FIDO standards requirement for devices to generate site-specific public/private key pairs, which Files.com follows.

If changing your site settings would impact users, you'll see a message similar to this one when you attempt to change the domain:

Your site has X users using a Yubikey or Webauthn-based two-factor authentication (2FA) method. These methods are tied to the existing domain. As part of a domain change, these 2FA methods will be removed and users will be required to re-register these methods.

A custom domain is tied to your site's custom subdomain via the DNS records used to link your custom domain. If you want to change your custom subdomain, you should expect downtime due to the DNS propagation needed to effect the change, and you will also need to make changes to your custom domain's DNS records contemporaneously with the change.

This downtime is caused by 3 things: (1) re-registering your SSL certificate (if we are registering it), (2) a time delay where some of our edge servers will serve your old subdomain's certificate and others will serve your new subdomain's certificate, and (3) the need to create DNS records in the Files.com DNS for your new subdomain.

We recommend you plan the switch for a time period where your site has minimal usage, such as a night or weekend.

To minimize downtime, plan ahead and review the steps making the change, which are: lower the TTL values on your DNS records, wait for propagation, change your subdomain, update the DNS values to point at the new subdomain, wait for the changes to take effect.

Update the Time To Live (TTL) values on the existing DNS records for your custom domain to a low value, such as 60 seconds. This will tell DNS servers across the internet to prepare for a change in the destination of this domain. This step needs to be performed ahead of time, ideally 2-3 days ahead of time, to allow the maximum impact.

When ready to switch, update your subdomain setting in Files.com. Then update the DNS records for your custom domain to use your new subdomain in the files.com CNAME part of the record.

Wait for the changes to take effect.

While you could choose to increase your TTL values from 60 seconds at this point, we strongly recommend setting the value as low as your provider will allow.

If you are planning on changing both your custom subdomain and domain, we recommend doing these events on separate days to reduce the risks and make rollback easier.

If you are using dedicated IP addresses, you'll need to complete the process and update your DNS entries within 5 days to keep the same dedicated IP addresses. If the DNS entries for your custom domain are not set up properly within that 5-day period, your dedicated IPs will be released to be used by other customers.

You can change your custom subdomain which will change the URLs used to access your Files.com site. When you change your custom subdomain you will be logged out and returned to the new subdomain login page to log in again.

Your users should start using the new subdomain URL for all connections to your Files.com site as the old subdomain will no longer point to your site.

When the custom subdomain is changed, any existing Share Links, Inboxes, and Publicly Hosted folders will now use your new subdomain in their link URLs. You will need to inform users of those items of the updated URLs to use from now on.

Email notifications that were sent prior to the change will contain outdated links. You will need to inform recipients that old links will no longer work. New email notifications will contain updated links that use your new custom subdomain.

If you have embedded your old subdomain URL into any scripts, programs, or system configurations, then you'll also need to update those to point to your new subdomain. This includes any use of our SDKs or APIs.

If you have enabled a custom domain and you are using a single-sign on provider, you must first disable your SSO integration before you can remove the custom domain. This means you must edit every username associated with an SSO provider to change the authentication method first.

Removing your custom domain will affect your globally unique usernames configuration. You will no longer be able to use usernames that have already been used anywhere across all Files.com sites. If you attempt to remove your custom domain while you have any usernames that are not globally unique to Files.com, then you will be prohibited from removing the custom domain and informed of which usernames need to be renamed or removed prior to attempting this.

To remove your custom domain, remove the current configuration (replace the current custom domain name with a blank) and save the blank configuration.

When you remove your Custom Domain, it can immediately no longer be used to connect to your Files.com site by any method. If you are connected to Files.com using your custom domain when the custom domain is removed, your connection will no longer be valid and you will need to re-connect to Files.com using the default site address.

Any dedicated IP addresses will be released after 5 days and will no longer function. If you add new custom domain settings and the proper DNS configuration to support your custom domain within those 5 days, your dedicated IP addresses will not change.

Your SSL certificate will be used for any connections to your site that involve TLS encryption, which includes the web interface, the REST API, FTP, and WebDAV.

SFTP will not use the certificate, since that protocol uses SSH encryption instead of TLS.

Once you set up and activate your own SSL certificate, only connections initiated to your site via your custom domain will use that certificate.

Connections via your Custom Subdomain will still use our Files.com certificate, since your certificate would not be valid for our domain.

As part of the custom domain setup process, Files.com automatically provisions two dedicated IP addresses that are exclusive to your site and act as static IP addresses. This means that if you have users who restrict outbound access via a firewall, they will only need to whitelist your two dedicated IP addresses in order to access your site via the custom domain, rather than having to whitelist our entire published list of IP addresses.

You can view your dedicated IP addresses on the Firewall page.

It is our goal to have your Dedicated IPs remain the same, and we work hard to avoid having IP Addresses change out from under you. In practice, dedicated IPs for our customers have remained the same for the past several years. If we ever have to make changes to your IP addresses, we will endeavor to provide advance notice.

You can also get realtime notification of IP address changes by polling the /ip_addresses API endpoint shown in our API documentation. This endpoint returns a response including both our published list of IP addresses, and your site's two dedicated IP addresses.

If you follow the steps listed in Removing Your Custom Domain, your dedicated IP addresses will be released after 5 days. If you are following the steps for Changing an Existing Custom Domain you'll need to update your DNS entries within that same 5-day period to keep the same dedicated IP addresses. If the DNS entries for your custom domain are not set up properly within that 5-day period, your dedicated IPs will be released to be used by other customers.

You can set up multiple custom domains with a single Files.com site by providing your own Subject Alternative Name (SAN) SSL certificate that covers all of the domains you want to use. Wildcard SSL certificates, which are distinct from SAN certificates, are not supported by Files.com. Only domains which are explicitly listed in your certificate can be used as a custom domain for your Files.com site.

You will upload and activate your SAN certificate on the SSL Page. The DNS CNAME value to use for your custom domains will be shown in the table under DNS Configuration in the VALUE / ANSWER / DESTINATION column.

Using a SAN certificate and creating multiple CNAMEs that point at your site will allow users to access your Files.com site via any of the domains covered by your SAN certificate. However, Inboxes, Share Links, and links sent in welcome/signup and password recovery emails for your site will only use the custom domain configured in the Custom Domain settings.

The geographic region of your Custom Domain, and its associated Dedicated IPs, are determined by the region specified as the Geographic region on Files.com servers of the top-level folder of your Files.com site.

When using a custom domain, if you change the primary region where files are hosted on your Files.com site, the region of your Custom Domain will also change and we will issue you new IP addresses in the new region and release your old IP addresses.

Implementing a Custom Domain, along with the associated Dedicated IPs, can have performance implications on the transmission speed of international file transfers.

Files.com provides global acceleration features to minimize the network distance between users and regional storage. These features are circumvented when a Custom Domain is implemented in a different region than your storage region, meaning that file transfer durations will take longer than usual.

To maintain performance, we strongly recommend that your Custom Domain is implemented in the same region as your storage.

For global customers, note that all global users will be routed through the region of your Custom Domain and its Dedicated IPs. For example, if your Custom Domain is in Europe then all file transfers will be routed through Europe on their way to their final destination. This also applies to transfers to your Regional Storage. For example, if your Custom Domain is in Europe, and you have a folder that is stored in Singapore, then all file transfers to the Singapore folder will travel through Europe, even if they originate from Singapore itself.

Manual intervention from Files.com Support is required when switching from using your custom SSL certificate to a Files.com-supplied one. You should plan on arranging to have our Support team on the phone with you during the switch. Support is available during US Pacific Time Zone working hours. There will be some outage time during the switch but working with our Support team will minimize it.

To minimize outage time while switching your SSL settings to FIles.com management, you must do some preparation. You'll need to update some DNS settings, and you'll want to have a live call scheduled with Files.com support for the switchover.

About a day before the switch, reduce the TTL of your CNAME record from the default TTL value down to 60 seconds. A lower TTL will minimize the outage time. If your TTL is large, you must wait for the duration of the previous TTL before progressing to the switchover.

On the day of the switch, contact Files.com Support and have them live on the phone for the next steps.

Change the CNAME record of your domain from s-[subdomain].di.app.files.com to your custom subdomain address. This step is necessary because Files.com uses different CNAME records for Files-provided certificates versus customer provided certificates.

Files.com Support will validate the CNAME change and issue a new certificate. While it is possible at this point to increase the TTL for your CNAME record, we strongly recommend leaving this value at 60 seconds.

Custom domains are a powerful and flexible tool, but they require several distinct pieces to be correctly configured to function as desired. This section includes topics that may help you avoid known issues while navigating your custom domain setup.

Some DNS providers, such as Cloudflare, automatically "flatten" CNAMEs defined on the root of a domain to return an IP address rather than a hostname when the CNAME is resolved. The DNS provider internally performs the additional queries needed to determine the actual IP and returns the result, just as if the CNAME was an A record. Flattening a CNAME technically breaks the DNS specification, but can be helpful for modern web development, allowing you to use the root of your domain as the address for a service.

You can use a flattened CNAME for your site's custom domain. The DNS record must be configured to refresh rapidly (ideally every 60 seconds). For a provider like Cloudflare, who will automatically set the TTL for a proxied CNAME to 300 seconds, you must also disable proxying by your DNS provider in order for Files.com to recognize the custom domain.

Some customers have discovered that it is possible to configure a CNAME record from a domain they control to their .files.com subdomain without configuring it in Files.com as a custom domain. We strongly recommend against this practice because this will not result in a valid SSL certificate for the custom domain, and it will not provision any dedicated IP addresses.

Regardless, some customers do it anyway because SFTP doesn't use SSL certificates at all. Please be aware that this method of pointing a domain is unsupported.

A "CAA" Record is a security feature of the DNS system that allows domain name owners to restrict which issuers are allowed to issue SSL Certificates for a given domain.

If your Custom Domain has a CAA record set in your DNS, you will need to either update your CAA record to allow our Certificate Authority to issue certificates or provide your own certificate.

We issue certificates through a popular Certificate Authority called Let's Encrypt.

If you have a CAA DNS record for your custom domain, you'll need to create another CAA record with the value letsencrypt.org, enabling us to issue the certificate.

If you need any help with this process, just let us know the service you're using to manage your DNS records (e.g. GoDaddy, Namecheap, etc.), and we'd be happy to assist.