• 12 May 2023
  • 3 Minutes to read
  • Dark
  • PDF


  • Dark
  • PDF

Article Summary

Domains allows you to configure additional domains (Virtual Hosts) to be accepted by a single Zone. This allows custom branding of the portal based on the domain that is used to connect to the zone. This is also useful in case of company name changes to accept both the new and old during a migration period.

The default domain is always present and cannot be removed. The virtual host of the default domain can only be changed with system permissions.

Changing the virtual host of the default domain

License will become invalid after changing the default domain and will cause downtime until the license has been updated with the new domain.


NameFriendly name of the domain
DefaultWhen checked, this is the default domain of the Zone.
EnabledWether or not the domain is enabled and usable.
Virtual hostVirtual host of the domain.
DescriptionDetailed description of the domain


TLS secures the connection between the user and the workspace.

If a default certificate for the webserver is required, then you should configure it though the Windows Certifcate Store, for more information please refer to the corresponding documentation: HTTPS (Webserver certificates).

You can have trouble reaching a zone if a zone certificate expires and HTST is enabled, please refer to your browser documentation how to remove the HSTS state in the browser for the zone domain.

You are only able to select a certificate that contains a private certificate. While not necessarily, it is best practice to only use certificates which have the full certificate chain imported. By default, HTTP.sys (part of the Windows OS) allows usage of insecure/obsolete protocols, ciphers, key exchange algorithms and hashes for maximum compatibility. As this allows a wide range of browsers to interact with the webserver, it also opens potential opportunities for TLS attacks. For hardening the TLS security, please see: TLS Hardening.

CertificateSelect the certificate to secure the webserver. If the certificate is not present in the list, you can add it by following the steps here.


With the ACME client you can automatically request and maintain certificates. At this moment, only “Let’s Encrypt” is supported. After enabling the ACME client, you can request a certificate. The ACME certificate will be checked if they need to be renewed every day from the system scheduled task “Check ACME certificates” by default.

Let’s EncryptRequested certificate are valid for 90 days. After 60 days, a new certificate will be requested.

The ACME client uses a certificate itself for authenticating against a provider, this certificate can be found under Management / Certificates after the first certificate has been requested. The requested certificates including the chain are stored at the same place.

Requirements for ACME usage

The provider will check if the zone name belongs to the requester. For this check to be successfully completed, the following must be in order:

  • The DNS name of the domain must be resolvable on the internet to the Liquit environment
  • The Liquit environment must be accessible over port 80 from the internet
    Redirects from HTTP port 80 to HTTPS port 443 are allowed when the redirects include the original request path. For example:[token] redirects to[token]. HTTPS port 443 is not required to have a valid SSL certificate, the ACME challenge mechanism will not validate any certificate.


Use ACMEIf ACME will be used.
ProviderThe provider that will be contacted.Yes
Contact email addressesThe email addresses for the ACME account. ACME errors will be mailed to these mail address as well.Yes

Was this article helpful?

What's Next