Lessons learned from buying, connecting, and operating domains
Free Trial
Features

Announcing HTTPS Support for the DNSimple Redirector

Luca Guidi's profile picture Luca Guidi

Today I'm excited to announce a feature we've been working on for many years: HTTPS redirects! You can now set up encrypted end-to-end HTTPS redirects via our DNSimple Redirector without the need to use any external services to handle HTTPS traffic.

Why is it important?

Privacy and security are highly valued requirements in modern web applications. As your domain automation provider, we focus on helping you keep your users secure and happy. Thanks to innovations like Let's Encrypt and HTTP Strict Transport Security, the web is moving towards HTTPS-everywhere. The increasing adoption of HTTPS as the default connection protocol for websites has introduced some new challenges to developers and system administrators. One of them is the need to properly handle redirects via HTTPS to avoid the risk of content duplication in search engines.

In the last couple of years, we've seen the appearance of new TLDs that enforce HTTPS by default, such as .APP, .PAGE, .DEV, and .BANK. A non-HTTPS redirect wouldn't work for these domains.

Configuring an HTTPS redirect is not trivial. To understand why, take a look at the article Redirects with HTTPS that Simone published on this blog almost 3 years ago. It explains the challenges of configuring an HTTPS redirect and why you need a valid certificate even if you're not serving a web page.

How does it work?

It's simple:

  1. Configure a URL record, and tell us which domain you want to redirect and where (e.g. www.example.com to https://example.com).
  2. Request an SSL certificate for the domain you want to redirect.
  3. Your redirected URL via HTTPS (e.g. https://www.example.com) will now redirect correctly.

For example, if you want to redirect www.example.com to example.com, create a URL record for www where the destination is https://example.com, request an SSL certificate for www.example.com, and that's it! No extra setup. No complex configuration. No need to deal with SSL certificate setup. Once the certificate is issued, we'll automatically use it.

Bonus point: if you use our Let's Encrypt integration and turn on the certificate auto-renewal, we'll automatically renew the certificate upon expiration and always use the most recent one.

Extra bonus point: it works with wildcard entries too! You can configure a URL record to redirect *.example.com to https://example.com, request a wildcard Let's Encrypt certificate, and we'll pair them together allowing you to redirect any one-level name such as foo.example.com, bar.example.com, etc. Here's how to get started with DNSimple and Let's Encrypt.

Learn more about how to configure redirection with our redirector documentation.

How did we get here?

At the beginning of this post I mentioned this is a feature we've been working on for many years. The formal project definiton dates back to December 2016. Although the discussion started years before, probably around 2015, and after our redirector was redesigned in Go. I started working on it around March 2017.

You may be wondering why it took so long to release this feature. This isn't a simple answer, and it's also an excellent topic for a future behind the scenes blog post. Sufficed to say that a big chunk of time was spent on R&D. We went through multiple iterations to try to find a balance between complexity and usability.

We wanted to provide a feature that required minimal effort to setup and maintain. The first turning point was really the release of the Let's Encrypt integration at the end of 2016. Let's Encrypt offered fully-automated provisioning, along with the ability to automate the certificate renewal. The second turning point was 2018, when Let's Encrypt also announced wildcard certificates. We spent a big portion of 2018 redesigning our integration, and upgrading to ACME v2. At the beginning of this year we officially announced our Let's Encrypt wildcard integration, also available via API.

Adding HTTPS support and SSL termination in our redirector was fairly easy, thanks to the excellent HTTP library provided by Go. In fact, thanks to Go, we also support the HTTP/2 protocol when using HTTPS.

Long story short, getting here was a lot of effort on our side, but we couldn't have done it without the contribution of other developers to the core libraries we use. Or without projects like Let's Encrypt that are contributing to moving the web towards HTTPS-everywhere, and that we are proud to sponsor.

How do I get started?

Get started today by logging in and configuring HTTPS redirects using the DNSimple Redirector and a certificate from your DNSimple account. The HTTPS redirect feature is available for all customers on Professional and Business plans. Not a customer? Sign up today with a 30 day free trial.

Happy & safe web surfing! 😎🏄🏽

Share on Twitter and Facebook

Luca Guidi's profile picture

Luca Guidi

Former astronaut, soccer player, superhero. All at the age of 10. For some reason now I write code.