Skip to main content

SSL Certificate Management for Custom Domains (FileWave-Hosted Servers)

What is this

This processarticle explains how FileWave can letmanage youSSL havecertificates aautomatically DNSusing name controlled by the customer and have Let'Let’s Encrypt managefor customers who use their own custom DNS names (e.g., filewave.forrest.com) with FileWave-hosted servers. This eliminates the need for customers to manually renew SSL certificate.

certificates,
providing a more secure and convenient experience.

When/Why

ItWhen your FileWave Server is hosted by FileWave and you use a custom domain to access it, managing SSL certificates typically becomes your responsibility. However, FileWave now offers a way to automate this process using Let’s Encrypt.

By delegating SSL management to FileWave:

  • You no longer need to track certificate expiry or handle renewals manually.

  • Your server remains secured with valid, trusted certificates.

  • The process is seamless once set up—and currently free for hosted customers.

This option is ideal for organizations that:

  • Use custom DNS names for branding or routing reasons.

  • Prefer hands-off, automated certificate handling.

  • Want to reduce reliance on third-party certificate management.

Note: While the service is currently free, FileWave may be that the SSL service hasintroduce a small future fee ofto likesupport $50/yrits ongoing development and maintenance. Customers will always be informed in the future. With GoDaddy selling $70/yr SSL it would seem like $50/yr is reasonable for convenienceadvance and wouldmay cover any development support we need for the featurechoose to beopt maintained. I doubt we'd charge moreout and I doubt customers will mind since they might be saving money if they don't have another reasonreturn to have like a wildcard SSL which is more expensive than $70/yr anyway from GoDaddy  but just keep in mind that a customer might have a charge for this in a future renewal and of course they could go back tomanaging their own SSLcertificates.

if

How

they

To wantedallow FileWave to butmanage thisSSL servicecertificates shouldfor beyour cheapercustom anddomain, automated.
follow these steps:

Open a

Support
Ticket

Customer

Start needsby opening a ticket with FileWave Support via the IT Service Desk. Indicate that you want to enable SSL management for your custom domain.

The Support team will:

  • Confirm your domain setup.

  • Provide you with the necessary DNS CNAME record value (based on a corresponding subdomain under filewave.net).

Add the Required CNAME Record to Your DNS

In your DNS provider’s control panel, create a CNAME pointingrecord that allows Let’s Encrypt to thevalidate FQDNdomain theycontrol use forvia the filewaveDNS-01 server.challenge Seemethod.

this

Format:

ticket
_acme-challenge.<your-domain> for reference: https://filewave.atlassian.net/browse/IS-6789

An Example

 A real-world example is filewave.forrest.com and below is theIN CNAME created:
_acme-challenge.<provided-subdomain>.filewave.net

Example:

_acme-challenge.filewave.forrest.com IN CNAME _acme-challenge.forrest.filewave.net
Another example is:
_acme-challenge.<customers.custom.domain> IN

This CNAME _acme-challenge.<name>.filewave.net.

allows
The
the
Let’s
Encrypt
system
to
validate the domain through FileWave’s infrastructure.

Check for Existing CAA Records

A CAA (Certification Authority Authorization) DNS record specifies which Certificate Authorities (CAs) are allowed to issue certificates for your domain. If a CAA record exists and does not include Let’s Encrypt (letsencrypt.org), then Let’s Encrypt will not be able to issue or renew your certificate.

To explainenable FileWave to manage the abovecertificate, example:ensure Onyour DNS includes a CAA record like:

yourdomain.com. IN CAA 0 issue "letsencrypt.org"

If you already have CAA records that restrict certificate issuance to other CAs, you’ll need to modify them to include Let’s Encrypt.

Need help with this? FileWave Support can assist in identifying and resolving any CAA-related issues during implementation.

FileWave Cloud Team Handles the leftRest

Once the DNS CNAME record is in place, FileWave’s Cloud Team will:

  • Verify the actual DNS namesetup.

  • Complete the configuration for SSL automation.

  • Monitor and renew certificates automatically on your behalf.

Related Content

Digging Deeper

Let’s Encrypt uses the ACME protocol to verify control of a domain before issuing a certificate. In this case, DNS-based challenges are used, where you prove ownership by creating a specific DNS record—an _acme-challenge CNAME pointing to a FileWave-managed subdomain.

By doing so, FileWave can securely respond to these challenges on your behalf, allowing the automation of issuance and renewal processes. This approach is especially useful when the server withis _acme-challenge.behind prependedload balancers, proxies, or hosted in environments where HTTP-based challenges (port 80) aren’t feasible.

If you’ve ever missed a certificate renewal deadline or find SSL tedious to manage, this automation will save time and thenavoid theoutages CNAME goesdue to theexpired acme challenge of what would be the filewave.net if they were not using their own DNS name. If you don't know what the name should be then Cloud could help you to know what to use. Once this DNS record was created and also of course the customer had to have an A record like any other customer would then all was well. Here's the A record for this example;

filewave.forrest.com. 3600    IN    A    34.236.200.223certs.

Confused at all?

But just create a Ticket for Cloud Team in IT Service Desk and Cloud will run through the process.
Back to top