) > Settings > AccountBy default, the address of your Help Center is a Zendesk subdomain, such as "mycompany" in mycompany.zendesk.com. However, you can map a subdomain of your own domain (such as support.mycompany.com) to your default Zendesk address. This feature is called host mapping.
Host mapping is available if you have Support Team, Professional, or Enterprise and Guide Lite or Professional.
A host-mapped Help Center address looks as follows:
For example, suppose your company is called Mondo Cameras and the address of your main website is mondocam.com. After the company signs up to Zendesk Support, the initial address of your Help Center might be something like mondocam.zendesk.com/hc. You can change the Help Center's address to a subdomain of your company's domain, such as support.mondocam.com/hc. You can't modify your support address to direct to a specific page within your subdomain, such as mondocam.com/community/hc.
Keep in mind that host mapping doesn't affect the URL of the agent interface. It only affects the external-facing URL of Help Center. In the example, your agents will continue to see the default Zendesk URL mondocam.zendesk.com in the agent interface. If an agent tries to use the host mapped URL in the agent interface (such as to get to a ticket page like support.mondocam.com/agent/tickets/52), the agent will redirected to the default URL such as mondocam.zendesk.com/agent/tickets/52.
The workflow for changing the address consists of the following steps:
- Getting a domain name and subdomain (if you don't already have one)
- Making the subdomain an alias of your default address
- Specifying the new address
- Setting up hosted SSL
Tip: Because of potentially long lead times, consider your SSL options early in the process of setting up your Zendesk Support.
After setting up a host-mapped, SSL-enabled domain, you can perform any of the following management tasks:
- Reviewing the SSL status of a certificate
- Replacing a certificate
- Extending HTTP Strict Transport Security (HSTS) to one year
Getting a domain name and subdomain
If not already done, register a domain name and add a support-related subdomain to it.
- Purchase and register a domain name with a domain registrar.
You can purchase and register a domain name from any domain registrar, including GoDaddy, Yahoo! Domains, Namecheap, 1&1, Netregistry, or Register.com. For instructions, see the Help on the registrar's website. For more information, see How to Register Your Own Domain Name by Christopher Heng on thesitewizard.com.
For example, if your company is called Mondo Cameras, you might register a domain name called mondocam.com.
- After registering the domain name, use the registrar's tools to add a support-related subdomain such as "support" or "help" or something along those lines. Example: support.mondocam.com. You'll make the subdomain an alias of your default Zendesk address in the next section.
See the Help on the registrar's website for instructions on adding a subdomain.
Making the subdomain an alias of your default address
The next step is to make your subdomain an alias of your default Zendesk address. An alias is simply an alternate address for a website. For example, you can make the addresses "support.mondocam.com" and "mondocam.zendesk.com" interchangeable as far as web browsers are concerned.
To make your subdomain an alias of your default Zendesk address:
- Sign in to your domain registrar's control panel.
Use the login name and password that you created when you registered the domain name. If you don't have a domain name and a subdomain yet, see Getting a domain name and a subdomain.
- Look for the option to change DNS records.
The option might be called something like DNS Management, Name Server Management, or Advanced Settings.
- Locate the CNAME records for your domain.
A CNAME record, or Canonical Name record, is a type of alias used by the Domain Name System (DNS). Among other things, a CNAME record can be used to make a subdomain an alias of an external website. For more information, see CNAME records on Wikipedia.
- Do one of the following:
- If you don't have a CNAME record for your subdomain yet, look for an option to add a new record.
- If you already have a CNAME record for your subdomain, look for an option to edit the record.
- Point the CNAME record from your subdomain (shown in the Host Record field in the example below) to your Zendesk subdomain (shown in the Points To field).
The UI and terminology may vary depending on your registrar, but the concepts are the same.
Specifying the new address
After making your subdomain an alias of your default Zendesk address, you need to specify the new address in your instance of Zendesk Support. If you omit this step, your new address will point to a Zendesk error page.
The instructions in this section apply if you only have one brand. If you added multiple brands, specify your addresses in Manage > Brands instead of Settings > Account. See Adding multiples brands.
- Click the Admin icon () in the sidebar, then select Settings > Account.
- Select the Branding tab at the top of the page.
- Scroll down to the Host Mapping section and enter your subdomain and domain name.
- Click Save Tab.
The next step is to set up hosted SSL. See the following section for instructions.
Setting up hosted SSL
SSL (Secure Socket Layer) is an encryption protocol that ensures secure communications with your website. You must configure an SNI-based SSL certificate for a host-mapped domain using one of the two methods below:
- Use the free SNI-based SSL certificate from Zendesk (recommended)
- Use your own SNI-based certificate
Getting a Zendesk-provisioned SSL certificate
We recommend using the Zendesk-provisioned SNI-based SSL certificate for your host-mapped domain or domains if you're on the Team, Professional, or Enterprise plans. This is included for free with your Zendesk plan. The SSL certificate covers all your host-mapped domains. Zendesk automatically renews the SSL certificate before it expires.
Your host mapping must be set up correctly before you start.
- In Zendesk Support, click the Admin icon () in the sidebar, select Settings > Security, then click the SSL tab at the top of the Security page.
- In the Hosted SSL section of the page, click Enable Zendesk-provisioned SSL.
- Click Save.
Zendesk requests a SSL certificate from Let's Encrypt, a third-party certificate service. It can take up to an hour to complete the request. If you have any issues, contact support@zendesk.com.
When you add, update, or delete a host-mapped domain, Zendesk removes your current certificate and replaces it with a new certificate that covers the new host-mapped routes.
Providing your own SSL certificate
If you prefer not using Zendesk-provisioned SSL, you can get and upload your own SNI-based SSL certificate as described in this section. If you use your own certificate, Zendesk will not automatically renew it when it expires.
Getting your own SSL certificate
If you already have a SNI-based certificate for your host-mapped address, skip to Uploading the certificate below.
You can purchase a SSL certificate from a certificate authority such as DigiCert or Symantec, or from resellers such as Namecheap. You need to give the certificate authority a certificate signing request file (CSR) to create the certificate. You can generate the CSR, as described below.
Make sure any SSL certificate you purchase supports Server Name Indication (SNI) technology.
If you have multiple host-mapped brands, you only need one certificate for all of them -- you don't need a SSL certificate for each brand. However, if you add a host-mapped brand, you need to replace your existing certificate with a new one. Generate the new certificate as described in the procedure below. For more information on host-mapped brands, see Generating an SSL certificate for host-mapped brands.
To get a SSL certificate
- In Zendesk Support, click the Admin icon () in the sidebar, select Settings > Security, then click the SSL tab at the top of the Security page.
- In the Hosted SSL section of the page, click I do not have a certificate, and then Generate a request. A certificate signing request file (CSR) is created and downloaded to your computer.
- Provide the CSR file to the certificate authority.
The certificate authority generates a SSL certificate and gives it to you so that it can be installed on our servers.
Certificate authorities charge a fee for each request so keep the following tips in mind:
- Before you buy, make sure your certificate authority supports SHA-2 encryption. The CSR file generated uses SHA-2 encryption
- Make sure the certificate supports Server Name Indication (SNI) technology
- If prompted, specify "Nginx", "Apache" or "Apache + mod_ssl" as the desired web server
- After the certificate authority generates the certificate file, save it so you don't have to make another request
Note: We strongly discourage using wildcard certificates. If your certificate is compromised anywhere on any of the services you use, the information on all your services is at risk. You also have to replace the certificate everywhere it's used.
Once you have a SSL certificate, the next step is to upload it as described below.
Uploading the certificate
After purchasing the SSL certificate, the certificate authority will send you an email or direct you to a page where you can download the certificate. The instructions are often unclear about what files you really need or if you should prepare them before uploading them. For guidance, see Identifying and preparing your SSL certificate.
After obtaining or preparing the SSL certificate as a PEM file as described above, upload it to our servers as follows.
- In Zendesk Support, click the Admin icon () in the sidebar, select Settings > Security, then click the SSL tab at the top of the Security page.
- In the Hosted SSL section of the page, click I have a certificate, then Upload certificate.
- Navigate to the PEM file and select it.
- If you have a private key associated with the certificate, click Upload private key and enter your passphrase if any. You don't need a key if you generated the CSR file in Zendesk Support. For more information, see Getting a key file for upload.
- Click Save.
The certificate will be installed on our servers.
Update the CNAME record
For either SSL option – you provide your own SSL certificate or you use Zendesk-provisioned SSL – Zendesk requires that the DNS record be a CNAME record that points to subdomain.zendesk.com. DNS "A" records are not supported. For more information, see Making the subdomain an alias of your default Zendesk address above.
Reviewing the SSL status of a certificate
You can review the SSL status (CNAME check) of your host-mapped, SSL-enabled brands in the Zendesk Support interface.
- In Zendesk Support, click the Admin icon () in the sidebar, select Settings > Security, then click the SSL tab at the top of the Security page. The SSL page displays information about your certificates:
Note: This view of the SSL page is only displayed if you have a host-mapped, SSL-enabled domain. - Refresh the page to run the SSL status check again.
Replacing a certificate
You can replace a certificate installed on Zendesk Support.
Zendesk will notify you when the certificate you provided is about the expire. If it expires before you can replace it, Zendesk will automatically replace it with a free, SNI-based SSL certificate from Let's Encrypt, a third-party certificate service. See Getting a Zendesk-provisioned SSL certificate. You can keep the certificate or replace it with your own.
- In Zendesk Support, click the Admin icon () in the sidebar, select Settings > Security, then click the SSL tab at the top of the Security page.
- Click I already have a certificate and follow the steps in Uploading the certificate above.
Note: This view of the SSL page is only displayed if you have a host-mapped, SSL-enabled domain. - If you don't have a replacement certificate yet, click I do not have a certificate and follow the steps in Getting a SSL certificate above.
Extending HTTP Strict Transport Security (HSTS) to one year
HTTP Strict Transport Security (HSTS) is enabled by default for host-mapped, SSL-enabled domains in Zendesk Support. HSTS instructs users' browsers to access your host-mapped domain only over SSL.
When a user types "http://shop.example.com" or just "shop.example.com" to access a SSL-enabled site that doesn't have HSTS, the user's browser briefly accesses the non-encrypted version of the site before being redirected to the encrypted HTTPS version. The redirect makes the user vulnerable to a man-in-the-middle attack, where a hacker exploits the redirect to redirect the user to a malicious site.
When HSTS is enabled, the site instructs the user's browser to never load the site using HTTP. The browser automatically converts all such attempts to HTTPS requests, skipping the redirect that hackers can exploit for man-in-the-middle attacks. As long as the user accessed the site once using HTTPS, the user's browser will know to only use HTTPS to access it.
The browser remembers the site only for a specified period. By default for Zendesk SSL-enabled domains, the period is 1 day. You can increase the period to 1 year.
To extend the period the browser remembers your site to one year
- In Zendesk Support, click the Admin icon () in the sidebar, select Settings > Security, then click the SSL tab at the top of the Security page.
- Select the HSTS option to instruct browsers to remember the site for up to one year.
- Click Save.
71 Comments
If we make this change, will links to the original urls (the xxx.zendesk.com urls) still continue to work? Including through API access?
Hi Ed!
Yes, those links will still work!
Hello!
So my company already has a support page on its website, and we want the Help Center to replace that page-- as in, we want to map the existing support subdomain of our website to the Help Center. If we already have SSL for our website, do I still need to go about obtaining a new one?
Hi Olivia,
Not as long as that SSL also covers the subdomain that you will be Host Mapping.
You would just have to upload the existing SSL to your Zendesk account. Here is the article on what you will need to do. Let us know if you have any other questions.
How do you access ZenDesk if the cert has expired. I can't get in to refresh it?
Hi Gary!
You should still be able to log in to your Zendesk even if the SSL cert is expired. Can you describe the behavior and any error messages you're getting?
Sorry if this has already been asked. I recently opted into using the zendesk provisioned SSL and after doing clicking "save" there is a new checkbox below which says, "Instruct browsers to require SSL on your host-mapped domain for up to one year". Do you recommend checking this?
Hello Jason,
we wouldn't have specific recommendation for this, but as per article the default for Zendesk SSL-enabled domains is 1 day. Please also find our article here on
Providing secure communications with SSL
If you setup host-mapping for your zendesk subdomain, be aware that users will need to allow cookies from third parties in order to login.
Zendesk generates tickets with your host domain (example.company.com) as well as subdomain.zendesk.com.
Users who do not enable third-party cookies will see an error that they need to enable cookies, even if cookies are enabled for "Sites I visit". "Allow from third party sites" must be enabled.
I noticed that when I browse to:
https://support.mycompany.com it changes the address in the address bar to https://mycompany.zendesk.com/hc/en-us.
Is this by design or is something not setup right? I will say, I haven't enabled SSL yet but that shouldn't matter, should it?
Hi Jon,
You want to be sure that you have setup some sort of hosted SSL as defined above. You can either upload your own certificate or sign up for an SNI certificate. Have a look at the section titled "Setting up hosted SSL" above.
Hope that helps. If you continue to have issues, feel free to submit a ticket.
There is a note under Host Mapping:
>Use this setting to map one of your own domain names to Zendesk (for example use support.mybusiness.com, instead of plesk.zendesk.com). The domain name you enter here is also used in the email notifications sent from your Zendesk
In fact it does not work at all:
{{ticket.link}} - does not work, it shows sub.zendesk.com
#{{ticket.id}} - does not work, it shows sub.zendesk.com
{{ticket.url}} - in macroses does not work
The only way is to write something like this:
https://mydomain.support.com/{{ticket.id}}
Hello,
Is there a way to have your Zendesk help center in a repertory of my website (www.mywebsite.com/helpcenter/...) instead of a subdomain (helpcenter.mywebsite.com/...) ?
If so, is there an easy way to transfer my existing help center from a subdomain to a repertory ?
Thanks !
A tip for all who try to use a wildcard certificate to serve multiple brands:
The CSR generator offered in Zendesk does not allow to specify a host name. You will have to use an external tool to generate the CSR, for instance openssl.
To generate the request and get both request and the required private key file, use the generator offered by Digicert:
The resulting command line can be used for instance on a Mac Terminal session. The Mac has installed openssl by default.
P.
Peter: Why bother when they now offer gratis integration with LetsEncrypt? One less thing to expire and go wrong.
I may be misreading my DNS checks, but to my eyes:
Doing this seems to result in the MX record for the CNAME target being valid for the host mapped subdomain, aiming SMTP traffic at a ZenDesk domain. If that's the case, can we use those interchangeably or get the host mapped subdomain added to the list of available domains for internal email addresses?
@Sean C:
Which comment does your comment refer to?
@Sean C:
Correct for Zendesk. However, not all tools are that customer friendly in this respect. Since we use a few others that require to submit a cert, this has just been standard procedure.
P.
Community center idea related to my comment above, calling on ZenDesk to start accepting and routing messages sent to our CNAME records. They inherit the target domain's MX record anyway, so why drop those messages?
https://support.zendesk.com/hc/en-us/community/posts/115006289767-One-domain-ZenDesk-Guide-Mail
Is it possible to have the URL be companydomain.com/help instead of help.companydomain ?
Hi,
Can we remove hc/en-us from the url??
Hello,
The URL cannot be modified beyond the subdomain being utilized for your account, anything from the '/hc/' and beyond will always be consistent. If you would like more control over the URL, you could host your knowledge base pages on your server and use the Help Center API to map the content into your site.
Hope this helps!
Hi,
I'm trying to update my SAN cert with additional subdomains. I used the same CSR to generate the updated cert, but I can't upload the cert to have the names added without the key. Where do I find the key?
Hi Karen! The private key can be downloaded from the server used to generate the CSR file. You can also request a CSR file from your Support account. If the SAN SSL certificate is issued based on the CSR file generated from your account, you won't need to upload a private key, as this is saved against our back end. I hope this helps!
Hi, I've changed to a new address "support.mybusiness.com". How do I keep that URL instead of https://subdomain.zendesk.com/hc/en-us?
Hi Huilee! You'd need to enable the Zendesk provisioned SSL certificate, or upload your own cert, by navigating to Settings - Security - SSL. This will do the trick!
Is there a best practice for changing the Help Center URL when rebranding/changing the company name?
Hey Justin!
We actually have an article on this which should help you with any questions you might have. You can find it here: Renaming your subdomain: the side effects.
Let us know if you have any other questions!
At the beginning of the article you mention that Host Mapping is available in :
- Guide : Lite and Professionnal
- Support: Team, Professionnal and Enterprise
If I go to Settings -> Account: I have the option for Host Mapping and it's already used
If I go to Subscription I have :
- Support : Regular
- Guide: Legacy
Does this Host Mapping is still available for this subscription plan ? As it's working now, I don't see obvious reason why it should stop, but just in case... we are looking to change that name.
Hi Pierre,
You're good to go. You can update your host mapping as you wish.
Both of your plan types (Support - Regular and Guide - Legacy) are grandfathered in here. Since you last subscribed or updated your plan type we went through some plan restructuring and naming, but left your plan as is.
Hope that helps!
Please sign in to leave a comment.