information Check Your Domains if Parking/Redirecting - Domains without SSL Won't Load

[bhartzer]

A lot of web browsers are checking for SSL (https) now, and a lot of parked domains are now giving browser errors. If there's a browser error, the traffic won't go forward, it won't redirect, and the parking page won't display.

Check your domains, because this is probably going to be one of the reasons why your parking revenue is down.

Some registrars automatically set up SSL on every domain if you redirect from the registrar. BUT there are a lot who don't.

 

[Future Sensors]

GoDaddy is aware

Yes, GoDaddy is aware of this issue since 2021.

Let's see now.

Thank you @James Iles

 

[Future Sensors]

In particular, if one is using afternic ns5/ns6 nameservers, there is no SSL.

Exactly. The webservers handling ns5/ns6 landers have port 443 completely disabled, and only redirect http traffic to a TLS secured page on godaddy.com on another IP. DAN does this much better and creates TLS certificates for all domains using their nameservers.

Speaking of these ns5/ns6 redirects, Afternic is not mentioned any longer in URL or on the lander. It's GoDaddy everywhere.

 

[AEProgram]

between uBlock Origin and SSL, a lot of domainers are losing a ton of sales.

 

[tonyk2000]

In particular, if one is using afternic ns5/ns6 nameservers, there is no SSL.
@James Iles

 

[bhartzer]

between uBlock Origin and SSL, a lot of domainers are losing a ton of sales.

Yes, exactly! you're losing a lot of traffic and clicks because the domain doesn't load via HTTPs.

 

[tonyk2000]

It redirects to a godaddy page with ssl, no problems with ns5-6 on chrome, ff, and ublock is ok too

Yeah, except that httpS :// yourdomainforsale .com does not redirect ...

 

[Future Sensors]

It redirects to a godaddy page with ssl, no problems with ns5-6 on chrome, ff, and ublock is ok too

This won't work with people clicking on https links.

Furthermore, it does not work with TLDs such as .app that are on the HSTS preload list.

 

[branding]

Let's not forget, they actually penalise you (GD) if your bypass their crappy handling of SSL (dns) by charging you a higher commission on your sales. A sale that would never ever happen if it wasn't for YOU NOT USING their dns because your lead would get blocked.

Sad but true. Get your shit together GD!

 

[AEProgram]

In particular, if one is using afternic ns5/ns6 nameservers, there is no SSL.
@James Iles

It redirects to a godaddy page with ssl, no problems with ns5-6 on chrome, ff, and ublock is ok too

 

[abcproductions]

My Afternic rep just sent me an email saying this about NS1 NS2 landers:
"They show ‘Non-Secure’ because of the SSL certificate creation process. The parking team is working to have those updated later this year."

 

[Future Sensors]

Cross ref:

https://www.namepros.com/threads/af...-now-landing-page.1236939/page-7#post-8284547

 

[Future Sensors]

so how is bodis handling this?

Their implementation is correct. Port 443 enabled, TLS certificate with wildcard *.domain present for all landers. No problems.

I do remember that in the past Bodis would only generate the certificate when a domain actually received traffic, resulting in errors for first time visitors. But I also remember that this procedure would have been improved and is now being done proactively, so that it works right from the start. Keep in mind that there is always a slight delay for the creation of new certificates, that applies everywhere.

 

[Future Sensors]

You'll know if your domains actually load a landing page and you're not getting an SSL error.

Make sure you check this with some older web browsers, as well, as I've noticed that some browsers (such as latest version of Firefox, Chrome, etc.) it's fine but if you use an older web browser there are SSL errors and the page won't load.

This probably has to do with outdated cipher suites, or outdated TLS version, in those browsers.

It's a negotiation between cipher suites defined on the webserver and cipher suites defined in the browser.

Webservers may decide to not serve older cipher suites or TLS versions, because they are less secure, for example.

Outdated root certificates defined in those browsers may also be the problem.

At some point it is simply impossible to properly support all older browsers.

 

[IraZoot]

I just started seeing this SSL issue in the past week and never ran across it before that ... seems that some registrars are handling the SSL for the domains but where I have mine that I needed to forward do not. After alot of back and forth ... it appears my only options are using Cloudflare, setting up a hosting account and putting in bulk domains or finding a new registrar that does offer this SSL service and moving all my domains there. No good options. This is a serious issue for any domain investor that forwards domains to ppc or parking pages as it\s going to get blocked ... mean traffic is worthless, lost ppc revenue and parking as well as cause trust issues with visitors not familiar. ALL registrars should make sure to offer this solution on their end ... we spend a fortune with them and I can't imagine it's a major effort or expense for them to do.

 

[Josytal]

In particular, if one is using afternic ns5/ns6 nameservers, there is no SSL.
@James Iles

same with Namesilo and Sav. Not sure about others. High potential lost sales.

 

[Future Sensors]

My Afternic rep just sent me an email saying this about NS1 NS2 landers:
"They show ‘Non-Secure’ because of the SSL certificate creation process. The parking team is working to have those updated later this year."

It's truly unbelievable. There is so much knowledge available within the company, but departments don't seem to be using each other's expertise. This can be improved.

---

https://www.godaddy.com/web-security/ssl-certificate

---

https://certs.godaddy.com/repository

 

[abcproductions]

If you aren't using their landers and your sales comes directly from your lander, there is zero commission.

 

[tonyk2000]

Ouch, that's a big issue! Do you know if there are any plans to fix that?

GoDaddy may fix it if they so decide. Should not be too hard. They do not need to deal with letsencrypt or any other free ssl provider, as GoDaddy is a SSL provider itself. Will they bother? Who knows...

May I ask which registrars are excellent at doing the automatic SSL setup?

Automatic SSL is done on DNS (or website) level. Accordingly, the above is applicable if and only if the domain is using default registrar DNS servers with web forwarding. As for registrars, from those I checked, GoDaddy and NameSilo do not have auto SSL. Dynadot and Porkbun do have auto SSL.

 

[AEProgram]

For landers with ns3/ns4 nameservers, the same applies. That is: port 443 is disabled on the webservers serving these landers. They only forward normal http traffic (incoming on port 80) to a TLS secured page on afternic.com.

Re http traffic

With ns3/ns4 configured, it redirects to a TLS secured afternic.com URL (with price request option). Afternic is visible in URL and there's a GoDaddy and Afternic logo.

With ns5/ns6 configured, it redirects to a TLS secured godaddy.com URL (with BIN price listed). Afternic is not visible anywhere, it's only GoDaddy branded.

So let's recap please

1. Ns1 and Ns2 is blocked by uBlock Origin

2. Ns3, 4, 5, 6 fail with https and this is serious for many reasons including many domains we own have older traffic that might be a buyer and those links are https. Obviously some people have a habit of typing in https and they will get nothing as well etc.

3. Dan does work with https and is NOT blocked by ublock yet it does not have a afternic phone number on the landers, something that could help, especially for larger sales.

 

[Future Sensors]

So let's recap please

1. Ns1 and Ns2 is blocked by uBlock Origin

2. Ns3, 4, 5, 6 fail with https and this is serious for many reasons including many domains we own have older traffic that might be a buyer and those links are https. Obviously some people have a habit of typing in https and they will get nothing as well etc.

3. Dan does work with https and is NOT blocked by ublock yet it does not have a afternic phone number on the landers, something that could help, especially for larger sales.

To make the analysis complete, TLS isn't working on Afternic ns1/ns2 landers either. The webservers handling these requests do have port 443 enabled, but immediately close the connection.

Re your #3, I've solved this by mentioning DAN's phone numbers in the Seller's notes for higher priced domains. I assume the brokerage teams at DAN and GoDaddy/Afternic are slowly merging.

 

[Future Sensors]

Can anyone please chime in for above.com? Are they handling this correctly?

They handle this in a strange way. Https links that are visited directly work well, but they end up redirecting to an unsecured http page with ads. But it works.

I also realize that with these domain parking solutions, there might be various settings for the user to be made where traffic is ultimately directed, so this (the part after redirection) may be different with other customer settings.

 

[bhartzer]

Can anyone please chime in for above.com? Are they handling this correctly?

You'll know if your domains actually load a landing page and you're not getting an SSL error.

Make sure you check this with some older web browsers, as well, as I've noticed that some browsers (such as latest version of Firefox, Chrome, etc.) it's fine but if you use an older web browser there are SSL errors and the page won't load.

 

[IraZoot]

Thanks Todd ... it should make for an interesting discussion since this issue really hasn't been noticed by most nor the massive losses it presents to us already and even more if these registrars and parking companies if they don't take action to fix this.

 

[branding]

It's truly unbelievable. There is so much knowledge available within the company, but departments don't seem to be using each other's expertise. This can be improved.

It's actually quite easy to implement and I would categorise this as intern level of knowledge.

But yes, there's the irony of them acquiring Dan who flawlessly tackled the issue... Years ago.