Summary
When using UltraDNS Web Forwarding, redirects to the root of a secure (HTTPS) destination usually work fine. However, forwarding to a subdirectory of a secure destination (e.g., https://destinationdomain.com/path) may fail. This typically happens due to how the destination server handles incoming HTTPS requests, not because of DNS or redirect issues.
Problem Description
Domains set up with a 301 Web Forward to a secure destination path like:
https://destinationdomain.com/subdirectory
…may result in:
- "This site can’t be reached"
- "Doesn’t support a secure connection"
- SSL or TLS handshake errors
This applies to both root (exampledomain.com) and www subdomain configurations.
Example Scenario
| Zone | Redirect Target | Result |
|---|---|---|
| exampledomain.com | https://destinationdomain.com | ✅ Works |
| exampledomain.com | https://destinationdomain.com/region | ❌ Fails |
| www.exampledomain.com | https://www.destinationdomain.com/region | ❌ Fails |
Root Cause
This is not an UltraDNS or DNS issue. The redirect executes as expected. The issue occurs at the destination web server or load balancer. Common causes include:
- The destination server does not support HTTPS redirects to subdirectories from external sources
- Web application firewall (WAF) or load balancer rules block traffic missing expected headers (like Host or Referer)
- The destination server expects to manage HTTPS upgrades internally
- The
www.variant of the destination may lack a valid SSL certificate or be routed differently
Solution
Change the Web Forwarding destination from HTTPS to HTTP.
Instead of:https://destinationdomain.com/subdirectory
Use:http://destinationdomain.com/subdirectory
This lets the destination server receive the request over HTTP and then upgrade the connection to HTTPS itself. The user still lands on a secure page, and the redirect succeeds without errors.
Additional Information
- UltraDNS Web Forwarding only supports HTTPS at the source domain if a valid SSL certificate is uploaded
- Avoid using
https://www...in the destination unless you’ve confirmed that variant is properly configured - Letting the destination server handle HTTPS is often more reliable than forcing it at the redirect level
Troubleshooting Checklist
| Step | Action | Expected Result |
|---|---|---|
| 1 | Test https://destination.com |
Loads properly |
| 2 | Test https://destination.com/subdirectory |
Should return 200 OK |
| 3 | Test https://www.destination.com/subdirectory |
May fail with cert error |
| 4 | Use http://destination.com/subdirectory in redirect |
Redirects cleanly |
FAQ
Q: Is this an UltraDNS issue?
A: No. The redirect is functioning. The issue lies with how the destination handles HTTPS requests.
Q: Is the redirect still secure if it starts as HTTP?
A: Yes. The user is redirected to HTTP first, but the destination upgrades to HTTPS. The experience remains secure.
Q: Why does redirecting to the root domain work, but not to a subdirectory?
A: Root-level redirects are typically handled by a general server or default rule. Subdirectories may have stricter routing or security checks.
Q: Can I forward to HTTPS if I really want to?
A: Only if the destination supports it without issue. Alternatively, upload a valid SSL certificate to UltraDNS and enable HTTPS Web Forwarding for the source.