Domain Forwards are starting to throw up https errors on chrome (2.Viewing)

All forwards are showing errors for me, even outside of incognito.
 
I myself am not getting any error in the latest Chrome on windows, interestingly enough, neither in incognito nor normal mode. Either way, I looked at the way Porkbun is doing this and they seem to generate a certificate for each and every domain. So this is not a quick fix, since it affects infrastructure as well (and there's some challenges around generating a lot of free certs), but we'll be looking at a solution.
 
Screenshot (86).png





Google keeps changing the message as they are rolling out the forwarding changes across all platforms.


Regular forwards will soon be dead in the water, am seeing lots of famous websites with forwards not working properly.
 
I've been holding my tongue because, you know, who is this random new kid? But I have some gripes with WHC:

1. Having to pay extra for SSL.
2. Having both the pusher and the recipient open a ticket and then having a poor WHC employee take the time to manually move each domain to push between accounts.
3. No bulk functions for forwarding.
4. That irritating little thing where you have to opt out of the ten-dollar "Boost security with Domain Protection" whenever you register a domain (which caught me a few minutes ago, prompting this unnecessary rant).
5. This new domain forwarding error.

Anywho, I like your registrar and customer service. And other registrars have their faults. But I just lost $9.99 and I can't rightfully take that out on myself, now can I?

P.S. I can get a refund.... right?
 
I've been holding my tongue because, you know, who is this random new kid? But I have some gripes with WHC:

1. Having to pay extra for SSL.
2. Having both the pusher and the recipient open a ticket and then having a poor WHC employee take the time to manually move each domain to push between accounts.
3. No bulk functions for forwarding.
4. That irritating little thing where you have to opt out of the ten-dollar "Boost security with Domain Protection" whenever you register a domain (which caught me a few minutes ago, prompting this unnecessary rant).
5. This new domain forwarding error.

Anywho, I like your registrar and customer service. And other registrars have their faults. But I just lost $9.99 and I can't rightfully take that out on myself, now can I?

P.S. I can get a refund.... right?
ahh the sneaky upsells. How do you think GoDaddy got to be the biggest registrar in the world?
 
4. That irritating little thing where you have to opt out of the ten-dollar "Boost security with Domain Protection" whenever you register a domain (which caught me a few minutes ago, prompting this unnecessary rant).


Screenshot (91).jpg




When I visit INCOGNITO I get the above

When I am logged in I get the below



Screenshot (92).jpg



Also I see now mention of an extra charge for SSL

Yes forwarding is dead in the water now unless you add the domain to your hosting account as an addon domain and forward within cPanel.
 
Having both the pusher and the recipient open a ticket and then having a poor WHC employee take the time to manually move each domain to push between accounts.

Crazy, even my credit union allows me to push funds to another member unassisted. If the owner wants to push a domain to another member and they are securely logged in it should only require one service ticket.
 
I've been holding my tongue because, you know, who is this random new kid? But I have some gripes with WHC:
@CanuckDomains : Please don't hold back, we appreciate any feedback.

1. Having to pay extra for SSL.
2. Having both the pusher and the recipient open a ticket and then having a poor WHC employee take the time to manually move each domain to push between accounts.
3. No bulk functions for forwarding.
4. That irritating little thing where you have to opt out of the ten-dollar "Boost security with Domain Protection" whenever you register a domain (which caught me a few minutes ago, prompting this unnecessary rant).
5. This new domain\ forwarding error.
1. With our hosting, you also have access to free AutoSSL. We currently do not include an SSL certificate for domains, but we are considering this for forwarding in the future.
2. Ideally, this should and won't be a manual process going forward, but I do think (see example below) it needs to be approved by gaining and losing accounts. Another (additional?) option would be to simulate a transfer with EPP code between accounts, similar to how some reseller registrars do it. What does your favourite and secure push implementation look like?
3. This has been requested before, especially by @MapleDots and is something we're considering for the future.
4. It's an upsell. As @MapleDots highlighted, once you have 75+ domains with us, you can join The Domain Club at WHC and get better renewal pricing ($11.99 for .CAs) and this domain protection feature is free.
5. See #1. I'm curious, aside from the one mentioned here before, which order registrars give you free certs? This problem is likely to affect other registrars as well.

Anywho, I like your registrar and customer service. And other registrars have their faults. But I just lost $9.99 and I can't rightfully take that out on myself, now can I?

P.S. I can get a refund.... right?
For the domain protection? Yes. Please contact our billing team. You can now also cancel the feature from the client area, but it doesn't automatically refund you.

Crazy, even my credit union allows me to push funds to another member unassisted. If the owner wants to push a domain to another member and they are securely logged in it should only require one service ticket.
@RedRider Aside from the fact that I would like this to be automated (and it will be at one point), I do think that for domains, the gaining client should have to accept them. Imagine you get wind of there being a UDRP/CDRP filed against one of your domains, and before it reaches the registrar, you just push it to someone else.
 
Last edited:
When a domain push is initiated, the recipient must accept the push.

To initiate the push: Requiring username would be good. Don’t want to give out account email. Other registrars use account # / username / email.
 
Ugh, this is a royal pain and affecting everyone forwarding one domain to another.

@FM is there any timeline on getting this resolved.

I'm added my critical domains to the hosting package to fix it but the other domains are all in limbo with an error message.


The other thing I thought of is making a custom dns server for each domain and somehow using it as a forward.

Anyone know how to do that in the WHC control panel? I started fooling around with that a bit.
 
Ugh, this is a royal pain and affecting everyone forwarding one domain to another.

@FM is there any timeline on getting this resolved.
Unfortunately I cannot yet offer a guaranteed timeline, but I'm looking and testing options at the moment.
The other thing I thought of is making a custom dns server for each domain and somehow using it as a forward.

Anyone know how to do that in the WHC control panel? I started fooling around with that a bit.
Can you explain this further? We do support private nameservers (requires an additional IP for CIRA to accept them).
 
Yes, i've been noticing this too. I have many domains temporarily using WHC DNS servers. Very frustrating!

I'm building a new DNS server for my domains that should alleviate this problem once and for all.
 
Not sure if this question was directed to me, but for what its worth I build my own Web & DNS/Bind servers and use Certbot to attach SSL certificates.

That way the SSL certificate gets validated (no security warning), and I can host a site on a domain or forward it as needed.

Note: I should have mentioned Web & DNS servers in my last post, not just DNS.

You really don't need your own DNS server, but you do need your own web server.

1. Login to WHC (or other provider) and set the A record for the domain name to the IP address of your web server.

2. On your webserver, install certbot (Ubuntu/Debian - sudo apt install certbot)

3. Create SSL certificates for domain name (sudo certbot --nginx -d mysite.ca -d www.mysite.ca) or for Apache (sudo certbot --apache -d mysite.ca -d www.mysite.ca)

4. a. To forward a domain using Nginx:

server {
server_name .mysite.ca;
return 301 http://www.anothersite.ca$request_uri;
}

b. To forward a domain using Apache:

RewriteEngine On
RewriteRule ^(.*)$ http://anothersite.ca/$1 [R=301,L]


The big advantage of rolling your own DNS servers is that it improves SEO.


A bit technical, but hopefully this helps someone!
 
Last edited:
Sorry yes..

What about this from WHC?

Maybe a way to get that working


Screenshot (36).jpg

Yes, you can use the rewrite engine as well for forwarding, but I don't think that will fix the issue.

The problem is that Google essentially forces HTTPS, which isn't a bad thing in and of itself.

If you are forwarding, forward to HTTP not HTTPS.

If you are connecting to an HTTPS site, it is going to look for an encryption certificate for that domain name, and won't find one because the domain has been redirected to another server, and there is no certificate for it there.

If I forward betbitcoins.ca to waynesdomains.com, I get to DN.ca without issue, since i'm not forwarding https on either domain.

If I do forward https, I get this error:

ssl-error.png




The problem for me is that Google caches https versions of websites, so if a user clicks on an https link which is forwarded, there is no certificate for that domain name at the server being forwarded to, thus the error. Very frustrating.

The best resolution, in my opinion, is to create your own webserver with your own (free) certbot certificates.
 
Last edited:
Screenshot (38).jpg



It appears Google switched on this setting for everyone during an update of chrome. So depending on what operating system and when it updates Google sneakily flicks this switch and the average user knows nothing about it.

Really no use turning it off because I guarantee in a couple of updates that switch will go away and there will only be the on setting.
 

Sponsors who contribute to keep dn.ca free for everyone.

Sponsors who contribute to keep dn.ca free.

Back
Top Bottom