- Docs
- Customization
- Custom Domain
- Troubleshooting Custom Domain
Troubleshooting Custom Domain
Custom domains are a powerful and flexible tool, but they require several distinct pieces to be correctly configured to function as desired. This section includes topics that may help you avoid known issues while navigating your custom domain setup.
Recommended TTL Settings
We strongly recommend setting the TTL (Time to Live) for your custom domain CNAME
records as low as permitted by your DNS provider, usually between 30 and 60 seconds. A short TTL minimizes the disruption when you change you the DNS record, such as when switching between your own SSL certificate and a Files.com-controlled certificate.
While you will encounter much higher recommendations elsewhere (even up to 24 hours) for the TTL of CNAME
records, we believe that the negligible performance gains this offers are offset by the potential disruption. When you're making changes to the address used by your customers, employees and vendors to access your site, you don’t want them waiting up to 24 hours to see the change. A low TTL helps updates happen faster and keeps everything running smoothly.
Insecure SSL Connection Warnings
If users or clients see warnings or errors stating that the connection to your custom domain is insecure then this indicates an incorrectly configured SSL certificate.
When using your own SSL certificate, ensure that you have imported the correct certificate and its corresponding intermediate certificate(s).
Missing or incorrect intermediate certificates will cause "connection is not secure" type messages to be presented to users and clients.
Using A Flattened CNAME
Some DNS providers, such as Cloudflare, automatically "flatten" CNAME
s defined on the root of a domain to return an IP address rather than a hostname when the CNAME
is resolved. The DNS provider internally performs the additional queries needed to determine the actual IP and returns the result, just as if the CNAME
was an A
record. Flattening a CNAME
technically breaks the DNS specification, but can be helpful for modern web development, allowing you to use the root of your domain as the address for a service.
You can use a flattened CNAME
for your site's custom domain. The DNS record must be configured to refresh rapidly (ideally every 60 seconds). For a provider like Cloudflare, who will automatically set the TTL
for a proxied CNAME
to 300
seconds, you must also disable proxying by your DNS provider in order for Files.com to recognize the custom domain.
Pitfalls Associated With Using CNAMEs That Aren't Registered in Files.com
Some customers have discovered that it is possible to configure a CNAME
record from a domain they control to their .files.com subdomain without configuring it in Files.com as a custom domain. We strongly recommend against this practice because this will not result in a valid SSL certificate for the custom domain, and it will not provision any dedicated IP addresses.
Regardless, some customers do it anyway because SFTP doesn't use SSL certificates at all. Please be aware that this method of pointing a domain is unsupported.
CAA Records
A CAA
Record is a security feature of the DNS system that allows domain name owners to restrict which issuers are allowed to issue SSL Certificates for a given domain.
If your Custom Domain has a CAA
record set in your DNS, you will need to either update your CAA
record to allow our Certificate Authority to issue certificates or provide your own certificate.
We issue certificates through a popular Certificate Authority called Let's Encrypt.
If you have a CAA
DNS record for your custom domain, you'll need to create another CAA
record with the value letsencrypt.org
, enabling us to issue the certificate.
If you need any help with this process, just let us know the service you're using to manage your DNS records (e.g. GoDaddy, Namecheap, etc.), and we'd be happy to assist.