Maintain Your Custom Domain

Update an Expiring Certificate

If Salesforce serves your custom domain with your HTTPS certificate, avoid disruption by renewing or replacing your certificate before it expires. Admins receive an expiring certificate notification email before the certificate expires. See Update an Expiring Certificate for Your Custom Domain.

Optimize the Salesforce CDN

When your custom domain serves your Experience Cloud site with the Salesforce CDN, each byte of traffic that’s requested on your custom domain counts toward your CDN usage amount. To learn how to monitor your Salesforce CDN usage and what happens if you exceed the terabyte limit, see Traffic Allowances for the Salesforce CDN.

To improve the performance of your LWR Experience Cloud site that’s served on the Salesforce CDN, cache Apex methods on the Salesforce CDN.

Change the Domain Configuration Option for Your Domain

Change the method for serving your domain. Switch from using a third-party service to serving your domain with the Salesforce CDN, or change the third party that serves your domain. See Change the Domain Configuration Option for Your Custom Domain.

Help Prevent Domain Takeovers

A domain takeover occurs when a malicious actor controls someone else’s domain. They then point the domain to a site that performs malicious activity. When a malicious attacker takes over your domain, your users’ trust in your company makes them more susceptible to the attack, and the resulting impact on your users can damage your brand.

A common reason for a domain takeover is a DNS record that points to a resource that’s no longer available. Such DNS records are also known as dangling DNS entries. To help prevent these attacks, if you change your domain name, review and update the DNS record for the old domain.

In Salesforce, a domain takeover can also occur when you use a third-party service or CDN to serve your domain, and then you change to another service or domain name. If you no longer have control over the DNS or service for the previous external host name, update your domain in Salesforce.

• If you removed your custom domain from the third-party service or CDN, update the external hostname field for your domain to the new service or change the domain configuration option for your custom domain.
• If you no longer use the custom domain, delete it.

For example, a third-party CDN serves your custom domain and the corresponding external host name for the domain is cdn.example.com. You remove your custom domain from that CDN, but the domain record in Salesforce isn’t updated to remove the pointer from www.example.com to cdn.example.com. In this situation, an attacker can potentially create an account with that CDN and then set up your custom domain in that CDN to serve content that’s under their control.

Move a Custom Domain to a New Org

If you purchase a new production org, your old org continues to serve your sites with your custom domain. To move the domain to your new org, set up the domain, and then delete the domain in your old org. Or if you have multiple production orgs, you can move an existing domain to an org of your choice. See Move a Domain to Another Production Org.

Use a Different Domain Name to Serve Your Site Content

Whether your brand changed or you simply want to use a different URL to serve your sites, you have two options.

• To serve your site content on an additional domain, add the domain in Salesforce. More than one custom domain can serve the same site content.
• To switch an existing custom domain to serve the site content on a different domain name and stop using the current domain, see Change the Domain Name for a Custom Domain.

Communicate Site Domain Changes

A change to your domain can impact external users, such as visitors to your Experience Cloud sites. To review recommendations about communicating to these groups before and after you activate an updated domain, see Notify Users and Customers About a My Domain Change.