IT.COM

information Check Your Domains if Parking/Redirecting - Domains without SSL Won't Load

Spaceship Spaceship
Watch
A lot of web browsers are checking for SSL (https) now, and a lot of parked domains are now giving browser errors. If there's a browser error, the traffic won't go forward, it won't redirect, and the parking page won't display.

Check your domains, because this is probably going to be one of the reasons why your parking revenue is down.

Some registrars automatically set up SSL on every domain if you redirect from the registrar. BUT there are a lot who don't.
 
14
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
between uBlock Origin and SSL, a lot of domainers are losing a ton of sales.
 
13
•••
between uBlock Origin and SSL, a lot of domainers are losing a ton of sales.
Yes, exactly! you're losing a lot of traffic and clicks because the domain doesn't load via HTTPs.
 
11
•••
In particular, if one is using afternic ns5/ns6 nameservers, there is no SSL.
@James Iles
 
13
•••
Some registrars automatically set up SSL on every domain if you redirect from the registrar. BUT there are a lot who don't.
May I ask which registrars are excellent at doing the automatic SSL setup? And thanks for bringing up this very important issue.
In particular, if one is using afternic ns5/ns6 nameservers, there is no SSL.
Ouch, that's a big issue! Do you know if there are any plans to fix that?
 
3
•••
In particular, if one is using afternic ns5/ns6 nameservers, there is no SSL.
Exactly. The webservers handling ns5/ns6 landers have port 443 completely disabled, and only redirect http traffic to a TLS secured page on godaddy.com on another IP. DAN does this much better and creates TLS certificates for all domains using their nameservers.

Speaking of these ns5/ns6 redirects, Afternic is not mentioned any longer in URL or on the lander. It's GoDaddy everywhere.
 
Last edited:
14
•••
Ouch, that's a big issue! Do you know if there are any plans to fix that?
GoDaddy may fix it if they so decide. Should not be too hard. They do not need to deal with letsencrypt or any other free ssl provider, as GoDaddy is a SSL provider itself. Will they bother? Who knows...

May I ask which registrars are excellent at doing the automatic SSL setup?
Automatic SSL is done on DNS (or website) level. Accordingly, the above is applicable if and only if the domain is using default registrar DNS servers with web forwarding. As for registrars, from those I checked, GoDaddy and NameSilo do not have auto SSL. Dynadot and Porkbun do have auto SSL.
 
7
•••
In particular, if one is using afternic ns5/ns6 nameservers, there is no SSL.
@James Iles
It redirects to a godaddy page with ssl, no problems with ns5-6 on chrome, ff, and ublock is ok too
 
9
•••
May I ask which registrars are excellent at doing the automatic SSL setup? And thanks for bringing up this very important issue.

Ouch, that's a big issue! Do you know if there are any plans to fix that?
Maybe, cloudflare could auto-ssl it for you at no costs.
 
6
•••
It redirects to a godaddy page with ssl, no problems with ns5-6 on chrome, ff, and ublock is ok too
Yeah, except that httpS :// yourdomainforsale .com does not redirect ...
 
11
•••
It redirects to a godaddy page with ssl, no problems with ns5-6 on chrome, ff, and ublock is ok too
This won't work with people clicking on https links.

Furthermore, it does not work with TLDs such as .app that are on the HSTS preload list.
 
Last edited:
11
•••
8
•••
main issue with dan landers is no gd phone number
 
0
•••
Maybe, cloudflare could auto-ssl it for you at no costs.
Thanks for the Cloudflare tip. I'll check into that further.


. Dynadot and Porkbun do have auto SSL.

It's nice to know that DynaDot and Porkbun have the auto-ssl. Thanks.

Recently, I've been trying the Daaz platform, and I see they use the cloudflare ssl. Their pages also load very quickly.
 
Last edited:
2
•••
In particular, if one is using afternic ns5/ns6 nameservers, there is no SSL.
@James Iles

I've checked a load of ns5/ns6 names to check this - they do resolve to SSL page, but https traffic isn't being handled properly. GoDaddy is aware, and it is going to be fixed, but it's part of some wider work.
 
0
•••
23
•••
5
•••
are you certain ns3 ns4 is ok with ssl? My tests show same results as ns5 and ns6
For landers with ns3/ns4 nameservers, the same applies. That is: port 443 is disabled on the webservers serving these landers. They only forward normal http traffic (incoming on port 80) to a TLS secured page on afternic.com. This single fact immediately results in an incomplete TLS implementation. In addition, each domain must have a working TLS certificate, preferably for at least the root domain plus www subdomain.

Re http traffic:

With ns3/ns4 configured, it redirects to a TLS secured afternic.com URL (with price request option). Afternic is visible in the URL and there's both a GoDaddy and Afternic logo on the page.

With ns5/ns6 configured, it redirects to a TLS secured godaddy.com URL (with BIN price listed). Afternic is not visible anywhere, it's only GoDaddy branded (URL and on-page).
 
Last edited:
3
•••
For landers with ns3/ns4 nameservers, the same applies. That is: port 443 is disabled on the webservers serving these landers. They only forward normal http traffic (incoming on port 80) to a TLS secured page on afternic.com.

Re http traffic

With ns3/ns4 configured, it redirects to a TLS secured afternic.com URL (with price request option). Afternic is visible in URL and there's a GoDaddy and Afternic logo.

With ns5/ns6 configured, it redirects to a TLS secured godaddy.com URL (with BIN price listed). Afternic is not visible anywhere, it's only GoDaddy branded.
So let's recap please

1. Ns1 and Ns2 is blocked by uBlock Origin

2. Ns3, 4, 5, 6 fail with https and this is serious for many reasons including many domains we own have older traffic that might be a buyer and those links are https. Obviously some people have a habit of typing in https and they will get nothing as well etc.

3. Dan does work with https and is NOT blocked by ublock yet it does not have a afternic phone number on the landers, something that could help, especially for larger sales.
 
7
•••
So let's recap please

1. Ns1 and Ns2 is blocked by uBlock Origin

2. Ns3, 4, 5, 6 fail with https and this is serious for many reasons including many domains we own have older traffic that might be a buyer and those links are https. Obviously some people have a habit of typing in https and they will get nothing as well etc.

3. Dan does work with https and is NOT blocked by ublock yet it does not have a afternic phone number on the landers, something that could help, especially for larger sales.
To make the analysis complete, TLS isn't working on Afternic ns1/ns2 landers either. The webservers handling these requests do have port 443 enabled, but immediately close the connection.

Re your #3, I've solved this by mentioning DAN's phone numbers in the Seller's notes for higher priced domains. I assume the brokerage teams at DAN and GoDaddy/Afternic are slowly merging.
 
Last edited:
7
•••
so how is bodis handling this?
 
4
•••
so how is bodis handling this?
Their implementation is correct. Port 443 enabled, TLS certificate with wildcard *.domain present for all landers. No problems.

I do remember that in the past Bodis would only generate the certificate when a domain actually received traffic, resulting in errors for first time visitors. But I also remember that this procedure would have been improved and is now being done proactively, so that it works right from the start. Keep in mind that there is always a slight delay for the creation of new certificates, that applies everywhere.
 
Last edited:
8
•••
Re your #3, I've solved this by mentioning DAN's phone numbers in the Seller's notes for higher priced domains. I assume the brokerage teams at DAN and GoDaddy/Afternic are slowly merging.
Good idea, I see they let you upload one image to show on the entire account, wonder if making an image with the phone number is ok and allowed?
 
2
•••
Good idea, I see they let you upload one image to show on the entire account, wonder if making an image with the phone number is ok and allowed?
Also a nice solution, if it is clearly visible on all screen sizes.
 
2
•••
Can anyone please chime in for above.com? Are they handling this correctly?
 
2
•••
Back