Google Chrome update makes HTTPS the default for incomplete URLs

[Hypersot]

I know most of you probably know this but still:

https://www.techradar.com/news/google-chrome-is-making-https-the-default-for-incomplete-urls

I can't even imagine the impact this will have onto parking if there are no steps taken from the parking services to implement certificates to as many domains as possible.

 

[alcy]

I know most of you probably know this but still:

https://www.techradar.com/news/google-chrome-is-making-https-the-default-for-incomplete-urls

I can't even imagine the impact this will have onto parking if there are no steps taken from the parking services to implement certificates to as many domains as possible.

u mean the impact its already having now or what? do we tag bodis?

 

[Hypersot]

u mean the impact its already having now or what? do we tag bodis?

I'm not sure what you are asking. Did you read the article? it appears Chrome 90+ will have that implemented.

Just in case I didn't understand your question:
if you try and visit a parked domain using https (either via direct visit or via a backlink) and the domain does not have any certificate on then you'll get a blank page, ie. no lander, no chance for the visitor to click ads, etc.

 

[alcy]

I'm not sure what you are asking. Did you read the article? it appears Chrome 90+ will have that implemented.

sorry my bad.. I misread your post to be in present time..prolly cause of title..my bad

well..do we tag bodis anyway or just wait for our rev to decline in future and ask then?

 

[Hypersot]

Bodis, PC, etc. they all know what's coming.

My post was more for the forum readers to know as well in case thy didn't know already.

Talking about present time,
I can't even count the times I follow links (when I do research for parking) that end up in 'not secure' blank parked pages because there is no certificate on.

The problem is already here but, with the Chrome update coming, the problem will reach epic proportions if nothing will be done.

 

[tonyk2000]

It is unfortunate. What do they mean by "if the HTTPS URL is available"? If the server listens on httpS port, but does not serve the particular domain via httpS - what will happen? I mean what will really happen, as today such a request will produce "certificate mismatch" error (default certificate of the server itself will be served instead). Or, if the server does not respond on https port at all - what will happen? This is the case with most domain forwarding services we use, such as those provideded by @namesilo or @Dynadot if I am not mistaken. Does @namesilo and @Dynadot have plans to implement https by default for domain forwarding?

 

[alcy]

well yer the park pro not me..so u prolly know best if bodis..PC.. have the certificates or not..

for instance I remember when I once was on Parkcrew... even if ads did not show...due to.blocker or what not...the sale banner still did..

I wish bodis worked this way..but it doesnt

 

[Hypersot]

well yer the park pro not me..so u prolly know best if bodis..PC.. have the certificates or not..

for instance I remember when I once was on Parkcrew... even if ads did not show...due to.blocker or what not...the sale banner still did..

I wish bodis worked this way..but it doesnt

You are correct.
What shows up is completely up to the visitor's setup.

For example,
I use Kaspersky. That AV -more often than not- completely blocks any non https pages and shows a 'not secure page' message on a blank page.
Other AVs keep the sales lander showing but don't show anything else
etc.etc.

 

[Gube]

I don't see why some people think it's not a good idea to force people to switch to https.
Too bad for domainers using parking companies that don't care about it but it's the way it is.
No https = No visitor. It's not that difficult to create an SSL certificate..
(Plus, parking the way it was shouldn't exist anymore, uBlock/adblock will kill these)

 

[Hypersot]

I don't see why some people think it's not a good idea to force people to switch to https.
Too bad for domainers using parking companies that don't care about it but it's the way it is.
No https = No visitor. It's not that difficult to create an SSL certificate..
(Plus, parking the way it was shouldn't exist anymore, uBlock/adblock will kill these)

You imply that domainers have a choice on the matter.

Besides Bodis who -afaik- is in their plans to add certificates on all parked domains with them, which other parking company offers SSL on ALL parked domains that you know of?

 

[alcy]

You imply that domainers have a choice on the matter.

Besides Bodis who -afaik- is in their plans to add certificates on all parked domains with them, which other parking company offers SSL on ALL parked domains that you know of?

phew..so we will be alright with bodis...good to know..

 

[privatereg]

As far as I know, only Bodis supports HTTPS for all of their domains and that was just recently implemented. From what I can see, they don't actually create a certificate for a domain name until they get a back link that references the https parked page. Until then, it stays as http only. My understanding on Parking Crew is they don't do it for all their domains - only certain ones. I don't know about the other parking companies.

 

[Gube]

You imply that domainers have a choice on the matter.

Besides Bodis who -afaik- is in their plans to add certificates on all parked domains with them, which other parking company offers SSL on ALL parked domains that you know of?

If there is a demand for it, it will likely end up happening
But I don't think the demand for PPC parking is that high though

 

[tonyk2000]

I just checked, Dynadot generates SSL certs for domains using their FORSALE lander (which is in fact 302 forwarding, it works both for http and https). A good sign. Unsure about routine domainforwarding, as I do not have any "forwarded" Dynadot domains.
NameSilo does not have https, any https connections to forwarded domains are timed out. So, in the best case, chrome users will see a delay before being forwarded...

 

[Hypersot]

As far as I know, only Bodis supports HTTPS for all of their domains and that was just recently implemented. From what I can see, they don't actually create a certificate for a domain name until they get a back link that references the https parked page. Until then, it stays as http only. My understanding on Parking Crew is they don't do it for all their domains - only certain ones. I don't know about the other parking companies.

Bodis provide limited https support. As per Bodis support:
"We currently have a limit of 5-7 SSL certs per domain name, including www and the root."

ParkingCrew provide certificates only for domains they judge to be worthy (ie. high earners or high traffic)

 

[alcy]

maybe it's good to ask bodis if we can expect rev declines from all this @matt_bodis

 

[privatereg]

maybe it's good to ask bodis if we can expect rev declines from all this @matt_bodis

I'm checking with Bodis. I'll let you know what they say....

 

[Dynadot]

It is unfortunate. What do they mean by "if the HTTPS URL is available"? If the server listens on httpS port, but does not serve the particular domain via httpS - what will happen? I mean what will really happen, as today such a request will produce "certificate mismatch" error (default certificate of the server itself will be served instead). Or, if the server does not respond on https port at all - what will happen? This is the case with most domain forwarding services we use, such as those provideded by @namesilo or @Dynadot if I am not mistaken. Does @namesilo and @Dynadot have plans to implement https by default for domain forwarding?

Thank you for tagging us, at this time we automatically apply free SSL certificates to domains using our Domain Forwarding, Stealth Forwarding, 'For Sale' Landing Pages, Email Hosting and Website Builder services. Free SSL certificates are also available by request for domains using our Custom DNS service.

At this time we don't offer the free certificate for domains using Dynadot Parking, unfortunately, however I have escalated this to our team for further investigation into whether the free SSL certificate can be extended to domains using our parking service.

 

[privatereg]

I'm checking with Bodis. I'll let you know what they say....

This is Bodis response "....the developers are working on it tomorrow. We should have it rolled out, at the latest by end of next week."

 

[matt_bodis]

You can read about our existing SSL support here: https://www.bodis.com/blog/ssl-supported-on-over-6m-host-names

Once we support a) and b) we should be covered. So likely quite soon considering how imminent this issue is.

 

[Reallybigidea.com]

Why do you use Chrome?

Checkout this https://mobile.twitter.com/DuckDuckGo/status/1371509053613084679

 

[noneisnone]

so if i type google.com i would be redirected for https://google.com instead of http://google.com ? what about small sites without ssl certificate ?

 

[alcy]

Why do you use Chrome?

Checkout this https://mobile.twitter.com/DuckDuckGo/status/1371509053613084679

I think people who dont use chrome have no clue about browsers..

 

[noneisnone]

@alcy i don't use chrome because i can't afford enough ram to keep it running.

 

[Hypersot]

@matt_bodis

I recently got a .app domain just to see how, what is mentioned on the Blog, works regarding https.

I have set Bodis' NS, waited for the NS to fully propagate and then I started visiting the domain a few times (with about an hour between each visit) to see when the domain would get the cert.

For the past few hours I'm visiting the domain and I still get the ERR_SSL_PROTOCOL error.

How long should I wait to see if this works or.. have I understood this whole thing totally wrong?

thanks