What Is SSL Termination?

Why It Matters

SSL termination is how forwarding servers handle HTTPS traffic. When a visitor connects to https://your-forwarded-domain.com, something needs to handle the TLS handshake and decrypt the request before responding with a redirect.

In larger architectures, SSL termination typically happens at a reverse proxy or load balancer that sits in front of backend servers. For domain forwarding, the concept is simpler — the termination point IS the redirect server.

How SSL Termination Works

Visitor                  Domain Forward Server
  │                              │
  │── HTTPS request ────────────>│
  │                              │ <- TLS termination happens here
  │                              │    (decrypt, read request)
  │                              │    (generate 301 redirect)
  │<── 301 + Location header ───│
  │                              │

The server:

1. Receives the encrypted request
2. Decrypts it using the SSL certificate’s private key
3. Reads the request (which domain, which path)
4. Generates a 301 redirect response with the Location header
5. Encrypts the response and sends it back

SSL Termination for Forwarding

Most registrar forwarding doesn’t support SSL termination — they simply don’t have certificates for your domain, so HTTPS requests fail with security errors.

Domain Forward handles SSL termination for every domain using automatically provisioned Let’s Encrypt certificates.