Skip to content

Instantly share code, notes, and snippets.

@tanner-west

tanner-west/godaddy-https-to-https-301-redirect.md

Last active January 28, 2024 17:50
Show Gist options
  • Save tanner-west/8aa8c9f48518cafab2b87c870696c0aa to your computer and use it in GitHub Desktop.
Save tanner-west/8aa8c9f48518cafab2b87c870696c0aa to your computer and use it in GitHub Desktop.
Download ZIP
Raw
godaddy-https-to-https-301-redirect.md

HTTPS to HTTPS 301 Redirects with GoDaddy: Impossible

We had a client who needed to redirect an entire domain (we'll call it firstdomain.com) to a specific page on another domain (seconddomain.com/path/to/content) No problem, we thought. Their DNS was handled with GoDaddy, who offers a no-charge 301 forwarding service. A colleague of mine set up the redirect the way you'd expect, with all traffic to firstdomain.com being redirected to https://seconddomain.com/path/to/content. Then we encountered a problem.

We started getting ERR_CERT_COMMON_NAME_INVALID errors when we tried to visit firstdomain.com in desktop browsers. No redirect occurred. Some, but not all mobile browsers didn't have this issue. Stepping back to examine the problem, two mysteries became apparent to me:

  1. How does GoDaddy actually send a 301 status? You need a HTTP server for that.
  2. What is the purpose of the mysterious A record in the domain's DNS records that point to 184.168.131.241?

The mysterious A record in question was not editable. After some Googling, I found a source that said some records may not be editable for domains with 301 redirects. I removed the 301 forwarding from the domain and behold, the mysterious record disappeared and was replaced with a record that directed to a GoDaddy parking page. I added the forwarding back to the domain and the mystery A record came back.

Digging in a little further, I discovered these facts:

  1. The IP address in question resolves to this address: https://shortener.secureserver.net/error_404
  2. The SSL certificate that caused the error at firstdomain.com is issued to shortener.secureserver.net

Having discovered these things, it dawned on me that the “shortener” address must be the service which is responsible for issuing the actual 301 responses for domains using the GoDaddy forwarding service. It made sense now that unless that domain could provide a certificate that contained firstdomain.com, we would encounter that error when trying to access that page at https://firstdomain.com.

I thought maybe the service was set up to reconfigure itself periodically to accommodate any newly added domains. After all, GoDaddy's support docs tell you to allow 24-48 hours for the forwarding service to take effect. More on this topic in a moment, but what about non https requests to firstdomain.com?

Until this point in my journey I had been taking for granted that my browser had been making all requests to firstdomain.com via https. What if I explicitly requested http://firstdomain.com? On my Mac, Chrome, Firefox, and Safari all redirected the request to SSL. I could only make a successful request over http by using the Insomnia desktop app (https://insomnia.rest) With Insomnia and with Chrome and Safari on my iPhone, the 301 redirect worked flawlessly. No errors in sight. Why were my desktop browsers being so stubborn?

Google brought me to this useful thread, which help me determine that, in fact, the site that was previously hosted at firstdomain.com was using an HSTS Policy which forces browsers to only access the site via https. This policy was being cached by my desktop browsers since I had visited the site when the old content was still being served. Clearing those policies from the cache made my browsers stop redirecting to https, and I could finally see the 301 redirect working on my Mac.

What about the SSL error? Was I right to assume that GoDaddy's forwarding service would be able to redirect requests to https://firstdomain.com? Unfortunately, no. I was wrong. I arrived at this conclusion based on a couple of things. In this thread, user PL281 mentioned a couple of times in passing that HTTPS to HTTPS forwarding on GoDaddy was not possible. It also ocurred to me that, at my last job, I had set up a number of "vanity" domains to forward to my company's main website via GoDaddy's forwarding service. I checked to see if those vanity domains were accessible via https. Alas, I encountered the same certificate error that we're encountering with firstdomain.com.

In summary, you can't redirect an https URL to another URL via GoDaddy's forwarding service. As I mentioned previously, in order for this to be possible GoDaddy would need to obtain valid SSL certificates for each domain that was forwarded through their service. It would be nice if they'd do this, but they don't.

@mbardelmeijer
Copy link

I just wanted to shamelessly plug that redirect.pizza was started to fix this issue. It's a free service which allows HTTPS / HTTPS redirects!

@ryanvelocio
Copy link

Thanks for this summary, this is the exact issue I am having and you saved me a ton of searching and troubleshooting!

@dbal02
Copy link

dbal02 commented Sep 1, 2021

thank you very much i was having the same problem! @mbardelmeijer thanks also for the link

@nkorent
Copy link

nkorent commented Sep 1, 2023
edited

I just wanted to add, this is not exclusive to godaddy. You in general can't redirect HTTPS to HTTPS with just adding 301.

@himanish-star
Copy link

This was an awesome solution @mbardelmeijer. Thanks a ton for redirect.pizza

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment