Custom Domain

Files.com makes the process of setting up a custom domain easy. You will need both administrator access to your Files.com site, as well as access to your account with the DNS provider for your domain (e.g. GoDaddy, NameCheap, Route 53, etc.)

Your files.com subdomain will continue to work after adding a custom domain.

You can use any subdomain of any domain that you control. We recommend not using ftp as the first part of your domain (such as ftp.<your-domain>), since this will cause some browsers to improperly access the Files.com web interface.

Instead, we suggest using something like files.<your-domain>.

Once you have chosen your custom domain, the next step is to set up a CNAME DNS record with your DNS provider. The CNAME value will depend on whether you want your custom domain to use an SSL certificate provided by Files.com(recommended), or use your own SSL certificate.

If you plan to use SSL provided by Files.com, your CNAME record must point at your subdomain address.

If you are using your own custom SSL certificate your CNAME will point to an address that contains your subdomain name in the form s-[subdomain].di.app.files.com

Files.com provides SSL certificates for custom domains free-of-charge. Renewals are handled automatically, and no further action is required on your part to keep the certificate active once set up. We use a popular Certificate Authority called Let's Encrypt, to create certificates that are valid for 90 days, and our system automatically begins the renewal process two weeks before the expiration date.

To set up your custom domain to use an SSL certificate provided by Files.com, simply create your CNAME record pointing your custom domain to your Files.com subdomain (e.g. your-subdomain.files.com).

Once you have created the CNAME record, you can complete the setup of your custom domain by adding your custom domain in Files.com.

Certificate provisioning in Files.com is very fast. We are generally able to provision and activate a certificate in 10-15 minutes after the DNS change has propagated and the domain has been added to Files.com according to our instructions.

If you prefer to use your own SSL certificate rather than one provided by Files.com, you will first need to upload and activate your SSL certificate at Settings > Site identity > SSL Certificates > Manage SSL Certificates.

If you have already obtained your SSL certificate, simply click the Upload and use your own certificate button to upload it. You will need to provide the certificate's private key (and key password if the key is encrypted), the certificate itself, and the intermediate certificates from your certificate authority.

If you haven't yet obtained a certificate, you can use the Generate CSR link to generate a new secure keypair and certificate signing request (CSR) which you can provide to any accredited SSL Certificate authority when purchasing an SSL certificate.

Some SSL vendors request the web server type as part of the certificate generation process. Files.com requires a certificate in OpenSSL format, which can usually be obtained by choosing the option for Apache, Linux, or Other.

For security purposes, we strongly recommend generating a new certificate that is used only by Files.com and is scoped to the exact subdomain used by Files.com (such as files.your-domain.com).

After uploading your SSL certificate, click the Activate button to activate it. Once your SSL certificate is active, the CNAME record value to use will be displayed under DNS Configuration.

In the example screenshot above, the CNAME value for the files.example.com) custom domain is s-example.di.app.files.com.

Once you have created the CNAME record, you can complete the setup of your custom domain by adding your custom domain in Files.com.

If you set up your custom domain using your own SSL certificate, and later wish to switch to using a certificate provided by Files.com, you can easily do so by deactivating your SSL certificate at Settings > Site identity > SSL Certificates > Manage SSL Certificates, and then updating your CNAME record according to the instructions for using an SSL certificate provided by Files.com.

Before switching back from using your custom SSL certificate, be aware that:

• Manual intervention from Files.com Support is required. You should plan on arranging to have our Support team on the phone with you during the switch. Support is available during US Pacific Time Zone working hours.
• There will be some outage time during the switch but working with our Support team will minimize it.
• A custom domain is required in order to enable insecure ciphers for SFTP only, which you will no longer be able to utilize.

To switch back, the steps are:

• Reduce the TTL of your CNAME record from the default TTL value down to 60 seconds. A lower TTL will minimize the outage time.
• Wait for the duration of the previous TTL, usually around 24 hours, before progressing to the next step.
• Contact Files.com Support and have them live on the phone for the next steps.
• Change the CNAME record of your domain from s-[subdomain].di.app.files.com to [subdomain].files.com. (Files.com uses different CNAME records for Files-provided certificates versus customer provided certificates.)
• Files.com Support will validate the CNAME change and issue a new certificate.
• Once the new certificate is in place, you can restore the TTL of your CNAME record to its previous value.

Your SSL certificate will be used for any connections to your site that involve TLS encryption, which includes the web interface, the REST API, FTP, and WebDAV.

SFTP will not use the certificate, since that protocol uses SSH encryption instead of TLS.

Once you set up and activate your own SSL certificate, only connections initiated to your site via your custom domain will use that certificate.

Connections via your files.com subdomain will still use our Files.com certificate, since your certificate would not be valid for our domain.

As part of the custom domain setup process, Files.com automatically provisions two dedicated IP addresses that are exclusive to your site and act as static IP addresses. This means that if you have users who restrict outbound access via a firewall, they will only need to whitelist your two dedicated IP addresses in order to access your site via the custom domain, rather than having to whitelist our entire published list of IP addresses.

You can view your dedicated IP addresses at Settings > Integrations > Others > View firewall configuration information.

It is our goal to have your Dedicated IPs remain the same, and we work hard to avoid having IP Addresses change out from under you. In practice, dedicated IPs for our customers have remained the same for the past several years.

If we ever have to make changes to your IP addresses, we will endeavor to provide advance notice.

For extra capabilities, we have implemented an automated mechanic for you to be able to get real time notifications when a change occurs. You can achieve this by polling the /ip_addresses API endpoint shown in our API documentation. This endpoint returns a response including both our published list of IP addresses, and your site's two dedicated IP addresses.

If you follow the steps listed in Removing Your Custom Domain, your dedicated IP addresses will be released after 5 days. If you are following the steps for Changing an Existing Custom Domain you'll need to update your DNS entries within that same 5-day period to keep the same dedicated IP addresses. If the DNS entries for your custom domain are not set up properly within that 5-day period, your dedicated IPs will be released to be used by other customers.

The geographic region of your Custom Domain, and its associated Dedicated IPs, are determined by the region specified as the Geographic region on Files.com servers of the top-level folder of your Files.com site.

When using a custom domain, if you change the primary region where files are hosted on your Files.com site, the region of your Custom Domain will also change and we will issue you new IP addresses in the new region and release your old IP addresses.

Implementing a Custom Domain, along with the associated Dedicated IPs, can have performance implications on the transmission speed of international file transfers.

Files.com provides global acceleration features to minimize the network distance between users and regional storage. These features are circumvented when a Custom Domain is implemented in a different region than your storage region, meaning that file transfer durations will take longer than usual.

To maintain performance, we strongly recommend that your Custom Domain is implemented in the same region as your storage.

For global customers, note that all global users will be routed through the region of your Custom Domain and its Dedicated IPs. For example, if your Custom Domain is in Europe then all file transfers will be routed through Europe on their way to their final destination. This also applies to transfers to your Regional Storage. For example, if your Custom Domain is in Europe, and you have a folder that is stored in Singapore, then all file transfers to the Singapore folder will travel through Europe, even if they originate from Singapore itself.

You can set up multiple custom domains with a single Files.com site by providing your own SAN (or "multi-domain") SSL certificate that covers all of the domains you want to use.

After uploading and activating your SAN certificate at Settings > Site identity > SSL Certificates > Manage SSL Certificates, the DNS CNAME value to use for your custom domains will be shown in the table under DNS Configuration in the VALUE / ANSWER / DESTINATION column.

While this will allow you to access your Files.com site via any of the domains covered by your SAN certificate, Inboxes, Share Links, and links sent in welcome/signup and password recovery emails for your site will only use the custom domain configured at Settings > Site identity > Custom domain.

HTTP Strict Transport Security (HSTS) is a policy mechanism that allows web servers to declare that web browsers should automatically interact with it using only HTTPS connections. Use of HSTS is a recommended best practice.

We enable HSTS on our *.files.com subdomains by default, and we optionally allow our customers to enable HSTS on custom domains as well. There is a setting under Settings > Identity next to the custom domain that allows you to enable HSTS on your domain.

A "CAA" Record is a security feature of the DNS system that allows domain name owners to restrict which issuers are allowed to issue SSL Certificates for a given domain.

If your Custom Domain has a CAA record set in your DNS, you will need to either update your CAA record to allow our Certificate Authority to issue certificates or provide your own certificate.

We issue certificates through a popular Certificate Authority called Let's Encrypt.

If you have a CAA DNS record for your custom domain, you'll need to create another CAA record with the value letsencrypt.org, enabling us to issue the certificate.

If you need any help with this process, just let us know the service you're using to manage your DNS records (e.g. GoDaddy, Namecheap, etc.), and we'd be happy to assist.

It is possible to change an existing custom domain to a different one with minimal downtime, however there will always be a small period (about 5 to 15 minutes) of downtime.

This downtime is due to 2 things: (1) registering your SSL certificate (if we are registering it) and (2) a time delay where some of our edge servers will serve your old domain's certificate and others will serve your new domain's certificate.

We recommend you plan the switch for a time period where your site has minimal usage, such as a night or weekend.

To minimize downtime, perform the steps in the following order:

• If your new domain is already pointed to a location via DNS, update the Time To Live (TTL) values on the existing DNS to a low value, such as 60 seconds. This will tell DNS servers across the internet to prepare for a change in the destination of this domain. This step needs to be performed ahead of time, ideally 2-3 days ahead of time, to allow the maximum impact.
• If you will be providing your own SSL certificate, upload your new certificate prior to changing the custom domain. (If you will be using a certificate provided by Files.com, you may skip this step. We will generate the new certificate automatically when you change the custom domain.) This step may also be performed in advance of the move.
• When ready to switch, create DNS records for the new domain at your DNS provider. They will be the same as your existing custom domain DNS records. Then quickly change the domain setting in Files.com.
• Wait for the changes to take effect.
• The following day, you may update the Time To Live (TTL) values on your domain's DNS records to a higher value, such as 86400, or whatever you find appropriate.

If you are using dedicated IP addresses, you'll need to update your DNS entries within 5 days to keep the same dedicated IP addresses. If the DNS entries for your new custom domain are not set up properly within that 5-day period, your dedicated IPs will be released to be used by other customers.

If you have a Custom Domain installed be aware that it is tied to your site's subdomain (i.e. the [subdomain].files.com address that every customer gets) via the DNS records used to link your custom domain.

If you want to change your custom subdomain, you should expect downtime due to the DNS propagation needed to effect the change, and you will also need to make changes to your Custom Domain's DNS records contemporaneously with the change.

This downtime is caused by 3 things: (1) re-registering your SSL certificate (if we are registering it), (2) a time delay where some of our edge servers will serve your old subdomain's certificate and others will serve your new subdomain's certificate, and (3) the need to create DNS records in the Files.com DNS for your new subdomain.

We recommend you plan the switch for a time period where your site has minimal usage, such as a night or weekend.

To minimize downtime, perform the steps in the following order:

• Update the Time To Live (TTL) values on the existing DNS records for your custom domain to a low value, such as 60 seconds. This will tell DNS servers across the internet to prepare for a change in the destination of this domain. This step needs to be performed ahead of time, ideally 2-3 days ahead of time, to allow the maximum impact.
• When ready to switch, update your subdomain setting in Files.com. Then update the DNS records for your custom domain to use your new subdomain in the files.com CNAME part of the record.
• Wait for the changes to take effect.
• The following day, you may update the Time To Live (TTL) values on your domain's DNS records to a higher value, such as 86400, or whatever you find appropriate.

If you are planning on changing both your custom subdomain and domain, we recommend doing these events on separate days to reduce the risks and make rollback easier.

If you are using dedicated IP addresses, you'll need to update your DNS entries within 5 days to keep the same dedicated IP addresses. If the DNS entries for your custom domain are not set up properly within that 5-day period, your dedicated IPs will be released to be used by other customers.

When using your own SSL Certificate, the renewal of the certificate is managed by you yourself. You should plan to renew any expiring SSL Certificate prior to its expiration date and time. This applies to all certificate types, including Single Domain, Wildcard, or Multi Domain (SAN/UCC/MDC) certificates. Please contact your SSL Certificate Provider if you have any questions about the process.

Files.com can assist in creating the Certificate Signing Request (CSR) for the renewal.

For a certificate request to an existing certificate, navigate to Settings > Site Identity > SSL Certificates > Manage SSL Certificates, select the Renew button for the required certificate, complete the form, and select the Generate CSR button.

Once your SSL Certificate Provider has provided you with your renewed SSL Certificate, navigate to Settings > Site Identity > SSL Certificates > Manage SSL Certificates, select the Import button that corresponds to the Certificate Signing Request (CSR) that you created above, complete the form by pasting in your new Certificate and its Intermediate Certificates, then select the Save button.

Applying and activating a renewed SSL Certificate will not change your custom domain or its dedicated IP addresses.

Some customers have discovered that it is possible to configure a CNAME record from a domain they control to their .files.com subdomain without configuring it in Files.com as a custom domain. We strongly recommend against this practice because this will not result in a valid SSL certificate for the custom domain, and it will not provision any dedicated IP addresses.

Regardless, some customers do it anyway because SFTP doesn't use SSL certificates at all. Please be aware that this method of pointing a domain is unsupported.

Some DNS providers, such as Cloudflare, automatically "flatten" CNAMEs to return an IP address rather than a hostname when the CNAME is resolved. You can use a flattened CNAME , but you must disable proxying for your CNAME within your DNS provider in order for Files.com to recognize the custom domain.

To remove your custom domain, remove the current configuration (replace the current custom domain name with a blank) and save the blank configuration.

Web UI

1. Navigate to Settings > Site Identity > Custom domain.
2. Remove all text in the text input field.
3. Click Save.

API

Use the Update Site Settings API to configure the domain parameter to a blank value.

CLI APP

The Files.com CLI App can be used to remove your custom domain using this command:

files-cli sites update --domain ""

Removing your custom domain has the following effects:

• Your custom domain can no longer be used to connect to your Files.com site by any method. (Note that if you are connected to Files.com using your custom domain then, when the custom domain is removed, your connection will no longer be valid and you will need to re-connect to Files.com using the default site address.)
• Any dedicated IP addresses will be released after 5 days and will no longer function. If you add new custom domain settings and the proper DNS configuration to support your custom domain within those 5 days, your dedicated IP addresses will not change.