Mobile app version of vmapp.org
Login or Join
Megan663

: 301 Redirect Causes Insecure Connection Warning My client's primary domain name is a variant of a commonly spelled name, for example domein.com. To avoid losing traffic, they also purchased domain.com.

@Megan663

Posted in: #301Redirect #Https #SecurityCertificate

My client's primary domain name is a variant of a commonly spelled name, for example domein.com. To avoid losing traffic, they also purchased domain.com. The live site is at domein.com. When I do a 301 redirect of domain.com (that doesn't have SSL) to domein.com, it generates an insecure connection warning.

Is it possible to do this without generating a warning? Is it necessary for domein.com to have an SSL certificate?

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Megan663

2 Comments

Sorted by latest first Latest Oldest Best

 

@Si4351233

Yes you need a certificate to redir domein.com to domain.com. This is because of the handshake that occurs before anything is picked up and routed. The browser will flag it as insecure, or it may not allow you to go through the redir at all in some cases such as HSTS.

As mentioned in the other answer, there is Let's Encrypt, which offers free 90 day certificates. However, unless your host uses WHM 58+ and has installed the LE AutoSSL patch, you will not have this option available. This is because you are on a shared server and there is no cPanel frontend for LE. It's only available via WHM backend. Once your shared host goes v58 with the AutoSSL patch, and makes it available to your account via "Feature Manager", then any attached domain will be able to use SSL. There is a caveeat though -- the domain must not be a forwarder, else LE won't be able to make a .tmp file route (or .well-known folder) to verify the domain is indeed yours, nor to auto renew it in the future.

So StartSSL is another option for free certificates too. It requires a bit of manual intervention, although they are starting to automate too. You could generate one and manually put it in via cPanel. Same rules may apply to the automate, only in this case its probably not going to be available on a shared host. So I have a better idea:

Use Cloudflare.

Cloudflare is a zone manager, has free SSL certs, it's a CDN, has page rules or forwarding, etc. Using the flexible SSL you are able to secure any domain, regardless whether the underlying server has a certificate or not. This is by far the most hassle-free way to get a free SSL on a forwarder domain.

10% popularity Vote Up Vote Down


 

@Shanna517

If the original request is for a HTTP page without SSL then it won't fire a warning. Make the search default/links for that site http: instead of https:. The issue is that it's checking the certificate against the initially requested domain and finding it invalid.

The alternative is to get a certificate that covers both. You can get one for free with the Lets Encrypt project. They don't do wild cards but there's no limit to named domains that can be included.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme