What Is Self-Signed Certificate?
A self-signed certificate is an SSL/TLS certificate that is signed by its own creator rather than a trusted certificate authority. Browsers don't trust self-signed certificates and display security warnings.
Why It Matters
Self-signed certificates provide encryption but not trust. The encryption is technically the same as a certificate from a certificate authority, but browsers have no way to verify who issued it. Result: a full-page security warning that blocks the visitor.
For domain forwarding, this means a self-signed certificate is worse than no certificate at all — visitors see a scary warning page instead of being smoothly redirected.
Self-Signed vs CA-Signed
| Aspect | Self-Signed | CA-Signed (Let’s Encrypt) |
|---|---|---|
| Cost | Free | Free (Let’s Encrypt) |
| Browser trust | No — security warning | Yes — lock icon |
| Encryption | Same strength | Same strength |
| Forwarding | Broken (warning page) | Works perfectly |
| Use case | Development only | Production |
Why Not to Use Self-Signed for Forwarding
Visitor → https://forwarded-domain.com
↓
Browser: "Your connection is not private"
"NET::ERR_CERT_AUTHORITY_INVALID"
↓
Visitor leaves (never sees redirect)There’s no legitimate reason to use self-signed certificates for domain forwarding when Let’s Encrypt provides free, browser-trusted certificates. Domain Forward uses Let’s Encrypt exclusively.
Related Terms
Related Features
Frequently
asked questions
No — not effectively. Browsers will show a security warning page instead of following the redirect. Visitors would have to manually click through the warning. Domain Forward uses Let's Encrypt certificates which are trusted by all browsers.
Only for local development, internal tools behind a VPN, or testing environments — anywhere you control the client machines and can add the certificate to the trust store manually.
Still Confused? Try It Free.
Set up your first domain forward in under 5 minutes. Free plan includes 5 domains.