Date: 17th October, 2021
I bought this domain https://www.svraviteja.in from GoDaddy last year during lockdown for blogging to share some of my experiences. I have'nt taken any web hosting because I write blogs on Google blogger. Hence, I wanted domain only for branding. Though the GoDaddy site advertises domain at 199 INR/year, do not fall for it, as it is applicable only for people buying domain for minimum 2 years. I bought this domain roughly around 1400 INR including taxes for 2 years. I have not taken any SSL certificate for secure connection [it is costly and need to maintain (renew)]. However, you can see this connection is secured while reading this post by clicking lock symbol in the search bar and that is because Google provides free shared certificate for bloggers.
 |
| My blog's certificate issued by Google |
Okay, now I wanted to add a domain in my Salesforce Org to use it for my experience site branding. At first I thought of buying some random domain for testing. Later I thought of using same domain by creating a subdomain. We can create subdomain by just adding a CNAME record in your DNS manager. While adding CNAME record, make sure you select the lowest values for TTL field (Time to live). GoDaddy offers 1/2 hour as lowest.
I decided to add a subdomain "salesforce" to my domain svraviteja.in The URL of my site then becomes https://salesforce.svraviteja.in
Adding a domain:
To add your domain in Salesforce, we need to create CNAME record with host as your domain and target as Salesforce in the format of [YourFQDN].[Your18charOrgId].live.siteforce.com
This steps is very important and if you make any mistake, Salesforce will not be able to verify your domain identity and simply throws an error as below.
Error: Salesforce.com can't validate the domain. The CNAME record may still be processing (which can take up to 24 hours), or the domain may not belong to you. Make sure the domain name salesforce.svraviteja.in uses salesforce.svraviteja.in.00dxxxxxxxxxxxxxxx.live.siteforce.com as its CNAME target and try again later.
I added CNAME record as above mentioned with TTL lowest value that is 30 mins and tried adding domain in my Salesforce Org. Even after 4 hours, I am getting the same error. Very rarely it takes up to 24 hours for our CNAME record to propagate in every DNS all over the world. I understood that something is wrong with my CNAME record and then realized that I need to add host value as only "salesforce" and not "salesforce.svraviteja.in" because I am using subdomain here. By looking at Salesforce error and suggestion, many can make a mistake in this step.
This time I have added a CNAME record correctly with host as "salesforce" and target as "salesforce.svraviteja.in.00dxxxxxxxxxxxxxxx.live.siteforce.com". Then I tried adding this domain "salesforce.svraviteja.in" in my Salesforce Org with No HTTPS option because as I informed earlier, I do not have certificate. There are few sites provide free certificate but needs to be renewed every 90 days and you need to have web hosting to access site cPanel.
 |
| CNAME record for Salesforce |
I now successfully added my domain to Salesforce but it will not serve under HTTPS secure connection.
 |
| Not secure connection |
Updating HTTPS option for domain
Now a days almost every site is secured and also this is required to build trust with your site visitors. Salesforce provides 4 options for HTTPS in which one is No HTTPS (Temporary). When you are using this option, your domain is not secured.
Lets look at remaining 3 options to serve custom domain and they are as below:
1. Salesforce serves the domain over HTTPS on Salesforce’s servers using your HTTPS certificate
This option requires a CA-signed certificate using Certificate and Key Management for your domain which I do not have and hence I cannot go with this option.
2. A non-Salesforce host or service serves this domain over HTTPS
This option allows you to serve the domain using a non-Salesforce host or service. Specify the hostname of the external server or host so Salesforce’s CNAME can point to it. I cannot go with this option as I do not have any such host.
3. Salesforce serves the domain over HTTPS using a Salesforce content delivery network (CDN) partner.
This option allows only Experience Cloud sites to be linked to the domain. New custom domains selecting this option use a single certificate. Only one domain is displayed on the certificate. Ten single certificates are available with the purchase of an Experience Cloud license. Contact your account representative if more certificates are needed.
This suits my requirement, I get free HTTPS secured connection with this option. The caveat here is the site traffic is routed through Salesforce partner CDN (Akamai) but good thing is my site pages load faster with CDN. However, many privacy concerned customers do not choose this option instead buy their own certificate and add in Salesforce.
For this we need to add another CNAME record in our DNS manager and this time it is for the CDN service. The format is, host as _acme-challenge.[YourFQDN] and target as _acme-challenge.[YourFQDN].[Your18charOrgId].live.siteforce.com
This is again very important step and this time I have created CNAME record correctly with host as " _acme-challenge.salesforce" and target as "_acme-challenge.salesforce.svraviteja.in.00dxxxxxxxxxxxxxxxx.live.siteforce.com"
 |
| CNAME record for CDN |
 |
| Provisioning Status |
 |
| Awaiting Activation after CDN provisioning |
 |
| Domain Activated |
Finally, I have successfully added my domain in Salesforce Org and served it over HTTPS
 |
| Domain Secured |
Useful Salesforce Help Articles:
Considerations for Using a Content Delivery Network (CDN) for Your Experience Cloud Site
If you have any queries (or) if you face any issues during this setup, feel free to reach out to me via below comment box and I will try to help you.
Good one
ReplyDeletePost a Comment
If you have any doubts, Please comment below and I will respond to you.