Today I'm excited to announce a feature we've been working on for many years: HTTPS redirects! You can now set up encrypted end-to-end HTTPS redirects via our DNSimple Redirector without the need to use any external services to handle HTTPS traffic.
Privacy and security are highly valued requirements in modern web applications. As your domain automation provider, we focus on helping you keep your users secure and happy. Thanks to innovations like Let's Encrypt and HTTP Strict Transport Security, the web is moving towards HTTPS-everywhere. The increasing adoption of HTTPS as the default connection protocol for websites has introduced some new challenges to developers and system administrators. One of them is the need to properly handle redirects via HTTPS to avoid the risk of content duplication in search engines.
Configuring an HTTPS redirect is not trivial. To understand why, take a look at the article Redirects with HTTPS that Simone published on this blog almost 3 years ago. It explains the challenges of configuring an HTTPS redirect and why you need a valid certificate even if you're not serving a web page.
For example, if you want to redirect
example.com, create a URL record for
www where the destination is
https://example.com, request an SSL certificate for
www.example.com, and that's it! No extra setup. No complex configuration. No need to deal with SSL certificate setup. Once the certificate is issued, we'll automatically use it.
Extra bonus point: it works with wildcard entries too! You can configure a URL record to redirect
https://example.com, request a wildcard Let's Encrypt certificate, and we'll pair them together allowing you to redirect any one-level name such as
bar.example.com, etc. Here's how to get started with DNSimple and Let's Encrypt.
Learn more about how to configure redirection with our redirector documentation.
At the beginning of this post I mentioned this is a feature we've been working on for many years. The formal project definiton dates back to December 2016. Although the discussion started years before, probably around 2015, and after our redirector was redesigned in Go. I started working on it around March 2017.
You may be wondering why it took so long to release this feature. This isn't a simple answer, and it's also an excellent topic for a future behind the scenes blog post. Sufficed to say that a big chunk of time was spent on R&D. We went through multiple iterations to try to find a balance between complexity and usability.
We wanted to provide a feature that required minimal effort to setup and maintain. The first turning point was really the release of the Let's Encrypt integration at the end of 2016. Let's Encrypt offered fully-automated provisioning, along with the ability to automate the certificate renewal. The second turning point was 2018, when Let's Encrypt also announced wildcard certificates. We spent a big portion of 2018 redesigning our integration, and upgrading to ACME v2. At the beginning of this year we officially announced our Let's Encrypt wildcard integration, also available via API.
Adding HTTPS support and SSL termination in our redirector was fairly easy, thanks to the excellent HTTP library provided by Go. In fact, thanks to Go, we also support the HTTP/2 protocol when using HTTPS.
Long story short, getting here was a lot of effort on our side, but we couldn't have done it without the contribution of other developers to the core libraries we use. Or without projects like Let's Encrypt that are contributing to moving the web towards HTTPS-everywhere, and that we are proud to sponsor.
Get started today by logging in and configuring HTTPS redirects using the DNSimple Redirector and a certificate from your DNSimple account. The HTTPS redirect feature is available for all customers on Professional and Business plans. Not a customer? Sign up today with a 30 day free trial.
Happy & safe web surfing! 😎🏄🏽
Former astronaut, soccer player, superhero. All at the age of 10. For some reason now I write code.
With GDPR is WHOIS Privacy still necessary? Read on for our opinion.
DNSimple now automatically generates CDS & CDNSKEY records for every DNSSEC signed zone.