
What Is an SSL Certificate?

An SSL/TLS certificate is a digital certificate that authenticates a website's identity and enables an encrypted HTTPS connection. Without a valid certificate on the source domain, visitors see browser security warnings when a domain redirect uses HTTPS.

Why It Matters

Modern browsers expect HTTPS everywhere. If a visitor types your-domain.com and the redirect happens over plain HTTP, they see a “Not Secure” warning in their browser bar. Some browsers (especially Chrome) will actively warn users before proceeding.

This isn’t just about security warnings — it’s about trust. A “Not Secure” label on your domain erodes brand credibility instantly.

The problem is that most registrar domain forwarding doesn’t support HTTPS on the source domain. They redirect over HTTP, meaning your visitors see security warnings even though the destination site has a valid certificate.

How SSL Works for Domain Forwarding

For a forwarded domain to work over HTTPS, the redirect server needs:

  1. A valid SSL certificate for the source domain (e.g., old-brand.com)
  2. The ability to terminate the TLS connection
  3. Then issue the 301 or 302 redirect to the destination

The certificate must be on the redirect server, not the destination server. The browser connects to the source domain first — that’s where HTTPS must be valid.

Auto-Provisioned Certificates

Services like Domain Forward use Let’s Encrypt to automatically provision free SSL certificates for every forwarded domain. When you add a domain:

  1. DNS is verified (via A record or CNAME)
  2. A Let’s Encrypt certificate is issued for that domain
  3. The certificate is installed on our edge servers
  4. HTTPS connections are handled automatically
  5. Certificate renewal happens automatically before expiration

Common Mistakes

Assuming the destination certificate covers the source domain. It doesn’t. If you forward old.com to new.com, new.com’s certificate only covers new.com. The source domain old.com needs its own certificate on the redirect server. For multiple domains, you might use a SAN certificate.

Using a self-signed certificate. Browsers won’t trust self-signed certs — visitors see a security warning instead of the redirect.

Not having a CAA record that allows Let’s Encrypt. If your domain’s CAA record restricts which certificate authorities can issue certs, it might block Let’s Encrypt from provisioning your forwarding certificate.

Not waiting for DNS propagation. Certificate provisioning requires DNS to be pointing to the redirect server. If DNS hasn’t propagated yet, certificate issuance will fail temporarily.
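
The CAA mistake above can be checked before a domain is added. This is an added example, not code from Domain Forward or Let’s Encrypt: it evaluates a CAA record set for a non-wildcard name following the RFC 8659 rules. The zone data and function names are constructed for illustration, and it assumes `letsencrypt.org` as the issuer domain name for Let’s Encrypt.

```python
LETS_ENCRYPT = "letsencrypt.org"  # assumed CAA issuer domain name for Let's Encrypt

# Constructed sample data: name -> list of (flags, tag, value) CAA records
SAMPLE_CAA = {
    "old-brand.com": [(0, "issue", "other-ca.example")],
    "shop.example": [(0, "issue", "letsencrypt.org; validationmethods=http-01")],
    "locked.example": [(0, "issue", ";")],
    "mail-only.example": [(0, "iodef", "mailto:sec@mail-only.example")],
}

def relevant_rrset(fqdn, zone):
    """Climb from fqdn toward the root; the first non-empty CAA set applies."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        records = zone.get(".".join(labels[i:]))
        if records:
            return records
    return []

def issuer_of(value):
    """The issuer domain name is the part before the first ';' (parameters follow)."""
    return value.split(";", 1)[0].strip().lower()

def ca_may_issue(fqdn, ca, zone):
    """Return (allowed, reason) for a non-wildcard certificate request."""
    rrset = relevant_rrset(fqdn, zone)
    if not rrset:
        return True, "no CAA records: any CA may issue"
    # A critical property (flag bit 128) the CA does not understand forbids issuance.
    for flags, tag, _ in rrset:
        if flags & 128 and tag.lower() not in ("issue", "issuewild", "iodef"):
            return False, f"unrecognized critical property '{tag}'"
    issuers = [issuer_of(v) for _, t, v in rrset if t.lower() == "issue"]
    if not issuers:
        return True, "CAA present but no 'issue' property: not restricted"
    if ca in issuers:
        return True, f"'{ca}' is authorized"
    return False, f"'{ca}' is not among the authorized issuers {issuers}"

if __name__ == "__main__":
    for name in ("www.old-brand.com", "shop.example", "locked.example", "no-caa.example"):
        print(name, ca_may_issue(name, LETS_ENCRYPT, SAMPLE_CAA))
```

A subdomain with no CAA records of its own inherits the parent's set, so a restrictive record on the apex also blocks issuance for `www`.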


Frequently Asked Questions

Yes! When a visitor types your domain in their browser, the connection must be encrypted before the redirect can happen. Without a valid certificate on the source domain, browsers show a 'Not Secure' warning — or block the connection entirely.
