Set Up a Custom Domain That Uses Your HTTPS Certificate
Upload an HTTPS certificate that you own to Salesforce servers, then serve your custom domain with that certificate. After you set up your domain in Salesforce, that domain can serve your Experience Cloud sites or Salesforce Sites.
Required Editions
| Available in: both Salesforce Classic and Lightning Experience |
| Available in: Enterprise, Performance, and Unlimited Editions. |
| Applies to: Salesforce Sites and LWR, Aura, and Visualforce sites |
| User Permissions Needed | |
|---|---|
| To view a domain: | Manage Custom Domains OR View Setup and Configuration |
| To add a domain: | Manage Custom Domains OR View Setup and Configuration plus either a Site.com Publisher license or Create and Set Up Experiences |
| To edit or delete a domain: | Manage Custom Domains |
| To add, edit, and delete custom URLs: | Manage Custom Domains OR View Setup and Configuration AND either Create and Set Up Experiences OR a Site.com Publisher license |
Unfamiliar with terms like DNS, CDN, and CNAME? Want to review the difference between a DNS resolver and a certificate? See Custom Domain Terminology.
-
Complete the prerequisites for this
option.
With this option, Salesforce hosts your domain using your HTTPS certificate. If a third party hosts your domain, if you use a web application firewall (WAF), or if you use a third-party content delivery network (CDN), see Use a Third-Party Service or CDN to Serve Your Custom Domain instead.
- From Setup, in the Quick Find box, enter Domains, and then select Domains.
- Click Add a Domain.
-
Enter the domain name.
Salesforce validates ownership based on the fully qualified domain name (FQDN) that you enter when you add a domain to your org. If you get an error message, point your custom domain to your org, and then wait for the changes to propagate. After you update your domain’s DNS record, it can take up to 20 hours for that change to take effect worldwide.
- For Domain Configuration Option, select Serve the domain with your HTTPS certificate on Salesforce servers.
-
Click the lookup icon (
), and then select your
certificate.
Here’s the Domain page when you select the domain configuration option to serve the domain with your HTTPS certificate.
The top of the page includes your 18-digit org ID and the format for the canonical name (CNAME) in DNS to point your domain to your org (1). To specify the certificate for this domain, use the certificate field (2). When you select the option to serve your domain with your HTTPS certificate on Salesforce servers, additional guidance includes the target host name to use for the CNAME record for your domain in DNS (3). Replace
[domain]with your domain name, such as www.example.com. -
If your domain is a registrable domain such as https://example.com, to avoid
vulnerabilities during HTTP redirects, select Allow HSTS preloading
registration.
This setting adds the preload directive to the HSTS header. After you enable this setting, submit your domain at https://hstspreload.org. For more information, including how to enable HSTS preloading for a domain with a subdomain, see Enable HSTS Preloading on a Custom Domain.
-
For Associated Org, select the org from which you want this custom domain to
serve site content.
For example, to serve the sites in your production org, select Production. Or select a sandbox where you want to test this custom domain.
This field only appears in production orgs with associated sandboxes. You can edit this field only from production orgs. For more information, see Test Your Custom Domains in a Sandbox.
-
Save your domain.
The status of your domain changes to Awaiting Custom URL. For domains with this domain configuration option, provisioning starts when you add the first custom URL.
-
To serve your sites via your domain, add a custom
URL.
When you add the first custom URL for your domain, Salesforce provisions the domain or gets it ready to be used. The provisioning process can take 4–14 hours. When that process is complete, the domain’s status on the Domains Setup page changes to Awaiting Activation and you receive an email.
Newly created custom domains use HTTP, not HTTPS, until you activate the domain.
-
To activate your domain, on the Domains Setup page, click
Activate next to your custom domain name.
Your site can be unavailable for 5–10 minutes, so activate your custom domain when your site traffic is low. When your site is active, the status changes from Awaiting Activation to Completed and the Current Domain Configuration Option changes to Salesforce Cloud.
This diagram shows the connectivity between your custom domain and your Experience
Cloud site content after you set up a custom URL to serve your site and activate
your custom domain. Dotted lines (
) represent DNS configurations, and the solid
line (
)
represents user traffic flow through HTTPS. The gray line represents traffic that
originates outside Salesforce, and the blue lines represent traffic that originates
in Salesforce. In this example, the domain name is www.example.com and the 18-digit
org ID is 00d000000000000013.
In DNS, a CNAME record points your custom domain (1) to the Salesforce internal CNAME record for your org (2), which includes your org ID. In Salesforce, your certificate is stored on a secure server (3). Salesforce uses that certificate to serve the content from your Experience Cloud site (4).
