Changing the address of your Help Center subdomain (host mapping) Follow

team professional enterprise plans

By default, the address of your Help Center is a Zendesk subdomain, such as "mycompany" in mycompany.zendesk.com. However, you can map a subdomain of your own domain (such as support.mycompany.com) to your default Zendesk address. This feature is called host mapping.

A host-mapped Help Center address looks as follows:

For example, suppose your company is called Mondo Cameras and the address of your main website is mondocam.com. After signing up to Zendesk Support, the initial address of your Help Center might be something like mondocam.zendesk.com/hc. You can change the Help Center's address to a subdomain of your company's domain, such as support.mondocam.com/hc.

Keep in mind that host mapping does not affect the URL where agents log in, only your Help Center. Agents will continue to log in at mycompany.zendesk.com.

Note: If your Help Center requires sign-in, you will need to update your Web Widget code or your Web Widget will not return search results (see Web Widget search returns no results in host mapped Help Center which requires sing-in).

The workflow for changing the address consists of the following steps:

  1. Getting a domain name and subdomain (if you don't already have one)
  2. Making the subdomain an alias of your default address
  3. Specifying the new address
  4. Setting up hosted SSL

Tip: Because of potentially long lead times, consider your SSL options early in the process of setting up your Zendesk Support.

After setting up a host-mapped, SSL-enabled domain, you can perform any of the following management tasks:

Note: You can use host mapping for subdomains such as the "support" subdomain in support.mondocam.com. You cannot use host mapping for so-called "second level" domains, such as mondocam.com or mondocam.co.uk. In particular, you cannot use the name if it contains a DNS SOA (start of authority) record. To determine whether an SOA record exists, visit http://www.zoneedit.com/lookup.html. In the "DNS Lookup" box, enter the name and select the SOA record type. You can also use a command-line tool such as "dig" on Linux.

Getting a domain name and subdomain

If not already done, register a domain name and add a support-related subdomain to it.

Note: Working with domain names and subdomains can be confusing because it's something most of us rarely do. Consult your system administrator, if you have one, before proceeding.
  1. Purchase and register a domain name with a domain registrar.

    You can purchase and register a domain name from any domain registrar, including GoDaddy, Yahoo! Domains, Namecheap, 1&1, Netregistry, or Register.com. For instructions, see the Help on the registrar's website. For more information, see How to Register Your Own Domain Name by Christopher Heng on thesitewizard.com.

    For example, if your company is called Mondo Cameras, you might register a domain name called mondocam.com.

  2. After registering the domain name, use the registrar's tools to add a support-related subdomain such as "support" or "help" or something along those lines. Example: support.mondocam.com. You'll make the subdomain an alias of your default Zendesk address in the next section.

    See the Help on the registrar's website for instructions on adding a subdomain.

Making the subdomain an alias of your default address

The next step is to make your subdomain an alias of your default Zendesk address. An alias is simply an alternate address for a website. For example, you can make the addresses "support.mondocam.com" and "mondocam.zendesk.com" interchangeable as far as web browsers are concerned.

Note: You need to create a CNAME record on your domain registrar' website to create the alias. If you have any concerns, consult your system administrator, if you have one, before proceeding.

To make your subdomain an alias of your default Zendesk address:

  1. Sign in to your domain registrar's control panel.

    Use the login name and password that you created when you registered the domain name. If you don't have a domain name and a subdomain yet, see Getting a domain name and a subdomain.

  2. Look for the option to change DNS records.

    The option might be called something like DNS Management, Name Server Management, or Advanced Settings.

  3. Locate the CNAME records for your domain.

    A CNAME record, or Canonical Name record, is a type of alias used by the Domain Name System (DNS). Among other things, a CNAME record can be used to make a subdomain an alias of an external website. For more information, see CNAME records on the Networking4all website.

  4. Do one of the following:
    • If you don't have a CNAME record for your subdomain yet, look for an option to add a new record.
    • If you already have a CNAME record for your subdomain, look for an option to edit the record.
  5. Point the CNAME record from your subdomain (shown in the Host Record field in the example below) to your Zendesk subdomain (shown in the Points To field).

    The UI and terminology may vary depending on your registrar, but the concepts are the same.

Note: It may take time for changes to the DNS system to be implemented. Typically, it can take anywhere from a few hours to a day, depending on your Time To Live (TTL) settings in the registrar's control panel. In the example above, the TTL is 14,400 seconds, or 4 hours.

Specifying the new address

After making your subdomain an alias of your default Zendesk address, you need to specify the new address in your instance of Zendesk Support. If you omit this step, your new address will point to a Zendesk error page.

The instructions in this section apply if you only have one brand. If you added multiple brands, specify your addresses in Manage > Brands instead of Settings > Account. See Adding multiples brands.

  1. Click the Admin icon () in the sidebar, then select Settings > Account.
  2. Select the Branding tab at the top of the page.
  3. Scroll down to the Host Mapping section and enter your subdomain and domain name.

  4. Click Save Tab.

The next step is to set up hosted SSL. See the following section for instructions.

Setting up hosted SSL

SSL (Secure Socket Layer) is an encryption protocol that ensures secure communications with your website. Zendesk can get a free SSL certificate for your host-mapped domain, or you can provide your own certificate.

Getting a Zendesk-provisioned SSL certificate

You can get a free SSL certificate for your host-mapped domain or domains if you're on the Team, Professional, or Enterprise plans. This is a SNI-based SSL option rather than an IP-based option.

The SSL certificate covers all your host-mapped domains. Zendesk generates a new SSL certificate when you add, update, or delete a host-mapped domain. Zendesk also renews the SSL certificate before it expires.

Your host mapping must be set up correctly before you start.

  1. In Zendesk Support, click the Admin icon () in the sidebar, select Settings > Security, then click the SSL tab at the top of the Security page.
  2. In the Hosted SSL section of the page, click Enable Zendesk-provisioned SSL.
  3. Click Save.

Zendesk requests a SSL certificate from Let's Encrypt, a third-party certificate service. It can take up to 2 business days to complete the request.

Providing your own SSL certificate

If you prefer not using Zendesk-provisioned SSL, you can get and upload your own SSL certificate as described in this section. If you don't upload a certificate, your users may experience certificate errors or be redirected to your default zendesk.com subdomain.

Getting your own SSL certificate

If you already have a certificate for your host-mapped address, skip to Uploading the certificate below.

You purchase a SSL certificate from a certificate authority such as DigiCert or Symantek, or from resellers such as Namecheap. You need to give the certificate authority a certificate signing request file (CSR) to create the certificate. You can generate the CSR, as described below.

If you have multiple host-mapped brands, you only need one certificate for all of them -- you don't need a SLL certificate for each brand. However, if you add a host-mapped brand, you need to replace your existing certificate with a new one. Generate the new certificate as described in the procedure below. For more information on host-mapped brands, see Generating an SSL certificate for host-mapped brands.

To get a SSL certificate

  1. In Zendesk Support, click the Admin icon () in the sidebar, select Settings > Security, then click the SSL tab at the top of the Security page.
  2. In the Hosted SSL section of the page, click I do not have a certificate, and then Generate a request. A certificate signing request file (CSR) is created and downloaded to your computer.

  3. Provide the CSR file to the certificate authority.

    The certificate authority generates a SSL certificate and gives it to you so that it can be installed on our servers.

    Certificate authorities charge a fee for each request so keep the following tips in mind:

    • Before you buy, make sure your certificate authority supports SHA-2 encryption. The CSR file generated uses SHA-2 encryption
    • If prompted, specify "Nginx", "Apache" or "Apache + mod_ssl" as the desired web server
    • After the certificate authority generates the certificate file, save it so you don't have to make another request
    Note: We strongly discourage using wildcard certificates. If your certificate is compromised anywhere on any of the services you use, the information on all your services is at risk. You also have to replace the certificate everywhere it's used.

Once you have a SSL certificate, the next step is to upload it as described below.

Uploading the certificate

After purchasing the SSL certificate, the certificate authority will send you an email or direct you to a page where you can download the certificate. The instructions are often unclear about what files you really need or if you should prepare them before uploading them. For guidance, see Identifying and preparing your SSL certificate.

After obtaining or preparing the SSL certificate as a PEM file as described above, upload it to our servers as follows.

  1. In Zendesk Support, click the Admin icon () in the sidebar, select Settings > Security, then click the SSL tab at the top of the Security page.
  2. In the Hosted SSL section of the page, click I have a certificate, then Upload certificate.

  3. Navigate to the PEM file and select it.
  4. Select the SNI-based or IP-based SSL option:

    SNI-based SSL (Team, Professional, and Enterprise) - The Server Name Indication (SNI) option is easier to set up, but not all HTTP libraries and browsers support it.

    • SNI is not supported by some libraries that developers use to make HTTP requests to the Zendesk API, most notably Java before 1.7 and Python before 3.2 (except for 2.7.9). If you have applications or integations that call the Zendesk API, make sure any HTTP library supports SNI.
    • SNI is not supported on all browsers, most notably on any Internet Explorer version on Windows XP or Windows Server 2003. See the the SNI client side limitations on Wikipedia. However, because the minimum requirements for Help Center for Internet Explorer is IE8 and higher, and then only if IE8 is running on Windows 7 or higher, this shouldn't be an issue for Help Center users.

    IP-based SSL (Professional and Enterprise plans) - Widely supported and time-tested, but is not available on the Team plan, takes up to 5 business days to take effect after uploading the certificate, and requires you to change your CNAME record (in step 6).

  5. If you have a private key associated with the certificate, click Upload private key and enter your passphrase if any. You don't need a key if you generated the CSR file in Zendesk Support. For more information, see Getting a key file for upload.
  6. Click Save.

    The certificate will be installed on our servers. If you selected the IP-based SSL option, the approval and installation process takes up to five business days.

Update the CNAME record

IP-based hosted SSL - After the certificate is approved, go back to your domain registrar and change the subdomain alias you specified in your CNAME record from "subdomain.zendesk.com" to "subdomain.ssl.zendesk.com".

SNI-based hosted SSL, and Zendesk-provisioned SSL - Zendesk requires that the DNS record be a CNAME record that points to subdomain.zendesk.com. DNS "A" records are not supported.

For more information, see Making the subdomain an alias of your default Zendesk address above.

Reviewing the SSL status of a certificate

You can review the SSL status (CNAME check) of your host-mapped, SSL-enabled brands in the Zendesk Support interface.

  1. In Zendesk Support, click the Admin icon () in the sidebar, select Settings > Security, then click the SSL tab at the top of the Security page. The SSL page displays information about your certificates:

    Note: This view of the SSL page is only displayed if you have a host-mapped, SSL-enabled domain.
  2. Refresh the page to run the SSL status check again.

Replacing a certificate

You can replace a certificate installed on Zendesk Support.

Zendesk will notify you when the certificate you provided is about the expire. If it expires before you can replace it, Zendesk will automatically replace it with a free, SNI-based SSL certificate from Let's Encrypt, a third-party certificate service. See Getting a Zendesk-provisioned SSL certificate. You can keep the certificate or replace it with your own.

  1. In Zendesk Support, click the Admin icon () in the sidebar, select Settings > Security, then click the SSL tab at the top of the Security page.
  2. Click Replace Certificate on the lower side of the certificate.

    Note: This view of the SSL page is only displayed if you have a host-mapped, SSL-enabled domain.
  3. If you don't have a replacement certificate yet, click I do not have a certificate and follow the steps in Getting a SSL certificate above.
  4. If you have a replacement certificate, click I already have a certificate and follow the steps in Uploading the certificate above.

Switching SSL options

You can use SNI-based or IP-based SSL for your host-mapped domain. See Uploading the certificate above for details about the benefits of each option.

To switch from one option to the other

  1. In Zendesk Support, click the Admin icon () in the sidebar, select Settings > Security, then click the SSL tab at the top of the Security page.
  2. Click Replace Certificate on the lower side of the certificate.

    Note: This view of the SSL page is only displayed if you have a host-mapped, SSL-enabled domain.
  3. Click I already have a certificate and follow the steps in Uploading the certificate above, making sure to select the other SSL option this time.
  4. Modify your CNAME record as follows:
    • For IP-based hosted SSL, Zendesk requires that the DNS record be a CNAME record that points to subdomain.ssl.zendesk.com
    • For SNI-based hosted SSL, as well as Zendesk-provisioned SSL, Zendesk requires that the DNS record be a CNAME record that points to subdomain.zendesk.com

    For more information, see Making the subdomain an alias of your default Zendesk address above.

Extending HTTP Strict Transport Security (HSTS) to one year

HTTP Strict Transport Security (HSTS) is enabled by default for host-mapped, SSL-enabled domains in Zendesk Support. HSTS instructs users' browsers to access your host-mapped domain only over SSL.

When a user types "http://shop.example.com" or just "shop.example.com" to access a SSL-enabled site that doesn't have HSTS, the user's browser briefly accesses the non-encrypted version of the site before being redirected to the encrypted HTTPS version. The redirect makes the user vulnerable to a man-in-the-middle attack, where a hacker exploits the redirect to redirect the user to a malicious site.

When HSTS is enabled, the site instructs the user's browser to never load the site using HTTP. The browser automatically converts all such attempts to HTTPS requests, skipping the redirect that hackers can exploit for man-in-the-middle attacks. As long as the user accessed the site once using HTTPS, the user's browser will know to only use HTTPS to access it.

The browser remembers the site only for a specified period. By default for Zendesk SSL-enabled domains, the period is 1 day. You can increase the period to 1 year.

Note: This feature is only available if you have a host-mapped, SSL-enabled domain.

To extend the period the browser remembers your site to one year

  1. In Zendesk Support, click the Admin icon () in the sidebar, select Settings > Security, then click the SSL tab at the top of the Security page.
  2. Select the HSTS option to instruct browsers to remember the site for up to one year.
  3. Click Save.
Have more questions? Submit a request

Comments

  • 0

    If we make this change, will links to the original urls (the xxx.zendesk.com urls) still continue to work? Including through API access?

    Edited by Ed Pastore
  • 0

    Hi Ed!

    Yes, those links will still work!

  • 0

    Hello!

    So my company already has a support page on its website, and we want the Help Center to replace that page-- as in, we want to map the existing support subdomain of our website to the Help Center. If we already have SSL for our website, do I still need to go about obtaining a new one?

  • 0

    Hi Olivia,

    Not as long as that SSL also covers the subdomain that you will be Host Mapping.

    You would just have to upload the existing SSL to your Zendesk account. Here is the article on what you will need to do. Let us know if you have any other questions.

  • 0

    How do you access ZenDesk if the cert has expired.  I can't get in to refresh it?

  • 0

    Hi Gary!

    You should still be able to log in to your Zendesk even if the SSL cert is expired. Can you describe the behavior and any error messages you're getting?

  • 1

    Sorry if this has already been asked. I recently opted into using the zendesk provisioned SSL and after doing clicking "save" there is a new checkbox below which says, "Instruct browsers to require SSL on your host-mapped domain for up to one year". Do you recommend checking this? 

  • 0

    Hello Jason,

    we wouldn't have specific recommendation for this, but as per article the default for Zendesk SSL-enabled domains is 1 day. Please also find our article here on

    Providing secure communications with SSL

     

  • 1

    If you setup host-mapping for your zendesk subdomain, be aware that users will need to allow cookies from third parties in order to login. 

    Zendesk generates tickets with your host domain (example.company.com) as well as subdomain.zendesk.com.

    Users who do not enable third-party cookies will see an error that they need to enable cookies, even if cookies are enabled for "Sites I visit". "Allow from third party sites" must be enabled. 

  • 0

    I noticed that when I browse to:

    https://support.mycompany.com it changes the address in the address bar to https://mycompany.zendesk.com/hc/en-us.

     

    Is this by design or is something not setup right? I will say, I haven't enabled SSL yet but that shouldn't matter, should it?

  • 0

    Hi Jon,

    You want to be sure that you have setup some sort of hosted SSL as defined above. You can either upload your own certificate or sign up for an SNI certificate. Have a look at the section titled "Setting up hosted SSL" above.

    Hope that helps. If you continue to have issues, feel free to submit a ticket.

  • 0

    There is a note under Host Mapping: 

    >Use this setting to map one of your own domain names to Zendesk (for example use support.mybusiness.com, instead of plesk.zendesk.com). The domain name you enter here is also used in the email notifications sent from your Zendesk

    In fact it does not work at all:

    {{ticket.link}} - does not work, it shows sub.zendesk.com

    #{{ticket.id}} - does not work, it shows sub.zendesk.com

    {{ticket.url}}  - in macroses does not work

    The only way is to write something like this: 

    https://mydomain.support.com/{{ticket.id}}

     

    Edited by Anton Maslov

Please sign in to leave a comment.

Powered by Zendesk