There has been a lot of talk lately about moving websites to use Secure Socket Layers (SSL) over HTTP – aka HTTPS.
This discussion has ramped up over the last few weeks because Chrome released Version 68 of their browser which now highlights sites that are not using the HTTPS protocol.
Chrome 67 versus 68 Differences (Image Credit: Google)
I actually moved WindowsObserver.com and WinObs.com over to HTTPS last June using a couple of different plug-ins and services. My hosting provider, Bluehost, provides basic SSL certificates for my sites at no additional charge for any of my hosted domains.
Since then everything has been running very smoothly with one notable exception – redirecting some of my parked domains using the Bluehost domain list. Under normal circumstances, adding a domain to your hosting plan with Bluehost as a parked domain allows you to redirect that domain to your main website.
For instance my original domain name for this site, AnotherWin95.com, is among the handful I have parked at Bluehost. Prior to switching my sites over to HTTPS, this process enabled a redirect from that domain to the main domain (WindowsObserver.com). So anyone typing AnotherWin95.com into a web browser address bar was sent to WindowsObserver.com.
Simple, straight forward and easy to setup with Bluehost.
However, after the switch to HTTPS these parked redirects stopped working. Any attempt to enter these parked domains in a web browser resulted in a security warning. This warning came up because the parked domain name was using a wildcard based Bluehost certificate (*.bluehost) while the SSL certificate for my main site was using its own domain name (windowsobserver.com).
Most of the modern browsers allow you to bypass this security warning and continue on to the website. Smart users would likely see this security warning and abandon their attempt to visit the site. Of course, that impacts traffic so it had to be fixed.
I then spent several different periods of time since last June researching for a solution. First issue is that domains that are not actually hosting a site at Bluehost can not take advantage of the free SSL certificate. In order to use an SSL certificate they must be physically pointing to their own directory. In addition, those certificates would still cause a mismatch security warning due to different domains in the certificates and that is the problem I was already facing. Plus, hosting those sites on their own defeats the purpose of re-directing them to this main site.
I continued to come up blank for a way to solve this until this past week when I registered and was trying out some new domain names.
Turns out you still need to park these other domains you plan on redirecting, this was just like in the pre-HTTPS days, but there was one additional step needed to avoid the browser based security warning.
So you must still log into your Bluehost account and park any spare domains that you want to redirect to your main site that has SSL implemented.
Bluehost Control Panel Domain Listing
Once you have those domains parked, head into the Redirect settings tab under the Domain List.
Bluehost Domain Redirect Settings Page
Using this form, leave the redirect as a permanent (301) and select the domain you want to redirect to your main site from the drop down list.
Note: If your domain is not parked then it will not show up in this drop down menu.
Next type in your main websites URL including the HTTPS part, this form defaults to HTTP, in the redirects to box. Leave the Redirect with or without www selected (this is the default) and leave the wild card redirect setting unchecked (also the default).
Select the add this redirect button to finish setting up this redirect.
Repeat these steps for any other domains you want to redirect to your main site. The key here is to change that http to https in the redirects to box. Failure to do this will still result in the security mismatch warning in the web browser.
Once you are done your redirect listing will look something like this:
Now when anyone types in one of your alternate URLs that are redirected to your main site it should bring up the website without any security warnings with full HTTPS working.
You can test it out with some of the domains I have redirected (temporarily disabled)
WindowsHub.site WindowsHub.tech WinHub.site WinHub.tech
You can also get fancy with these redirects and target specific URLs like I did with ObservedTech.com which takes you directly to the Observed Tech PODCAST listing on the site.
One last note about SSL and HTTPS.
All these protocols do is indicate that the data being sent between your web browser and the destination web server is encrypted. It does not indicate the reputation of a website. That means even when you see a site is secure you still need to exercise smart web browsing habits.
Stay safe out there!