Many popular web browsers, such as Google Chrome, Safari, and Firefox are now notifying users when they try to load a website that is not secure. If you try to go to a domain name that has no SSL certificate set up, you’ll get a warning message telling you the website you’re about to visit is not secure. This is a big deal for anyone who owns a domain name, especially if your domain name is just parked and doesn’t currently have a website on it.
Parked Domain Names
When you register a domain name, it is not required that you point it to a website. However, most domain registrars, such as GoDaddy, will put up a landing page (which is essentially hosting a web page for you on the domain name). Oftentimes those landing pages, referred to parked pages. The registrar either puts ads on the domain name to make money for every click on a ad, or the domain name owner can sign up with a parking company, such as Parking Crew, that pays the domain owner for every click on an ad. The parking company shares the revenue with the domain name owner. I personally own over 50 domain names that I have parked with a parking company.
Another option for domain name owners is to set up the DNS on the domain name so that it points to a “for sale” web page. A page that says that the domain name is for sale, and it may list a price along with a contact form. Some parked domain names will include the ads along with a “for sale” link to purchase the domain name.
So What’s the Problem?
Well, there is a problem for domain name owners, registrars, and parking companies, as well as domain name aftermarkets (where domain names are listed for sale). If a domain name resolves to a web page (if a web page is supposed to be displayed when someone types in the domain name in a web browser or clicks a link that points to the domain name), the it MUST have SSL certificate set up. Otherwise, if no SSL certificate is set up on the domain name, there is a very good chance that the error message will display in the web browser unless the user types in the domain name to include https in the URL. Most people don’t do that, they just enter the domain name. The default, is the web browser try to go to something like http://billhartzer.com, and as a website owner I have to set up a redirect from http://billhartzer.com to the https version of that I am using for a website.
If you own a website, I can’t emphasize enough that you need to set up https on your website, and make sure that all of the versions redirect to the version that you’re using. Here are the possible versions of the URLs (if you don’t have any subdomains on your domain name):
http://
https://
http://www
https://www
So, the http versions need to redirect, with a 301 Permanent Redirect, to the https version that you’re using. Some use https:// and others use https://www, and it doesn’t really matter which one you use: make sure that https is set up and the redirects work.
At some domain name registrars, if you register a domain name with them, you’re able to set up a redirect at the domain name registrar. For example, if you own a misspelling of your company name or a keyword version, you may want to redirect those domain names to the main domain name that you use for your website. However, in the case of BNKS.com, which is a redirect domain name, has an issue because many typing in bnks.com in their web browser for the first time (such as I did in Google Chrome), gets the error message. If I was trying to go to this website, then I would most likely not want to continue, and I would just leave or click the back button in the browser (or search for something else at a search engine). And when that happens (there is a browser error), then the website, parked page, or for sale landing page is losing traffic. The website will lose visitors and potential customers, the parked page won’t get as many clicks on ads, and the domain owner will lost out on potential sales of the domain name.
What Happens When You Enter a Domain in the Browser
What happens when you enter a domain name in the web browser? Such as just entering amazon.com or billhartzer.com in the web browser, without entering http or https:// ? The web browser will attempt, by default, will try to load the http in the browser, thus you will get the “not secure” error. So, even before a redirect occurs on the domain name, the http version tries to load, the network occurs, so the redirect won’t happen.
What You Should Do
Check to see if your domain name, even if redirected somewhere else, doesn’t have this issue. Type it into your browser (check all web browsers) and make sure that you don’t get the error message. Type it in as “billhartzer.com” without the http or https.
There are several things that you should do right now to take care of this if you get the error, depending on what you’re doing with the domain name:
- If you have a website on the domain, make sure http redirects to https. If you have not set up an SSL certificate, then contact your web host or use another provider such as Cloudflare or Let’s Encrypt that gives you a free SSL certificate.
- Check with your domain name registrar to see if they have implemented an SSL certificate on your domain name, even if the domain name is parked. Ask them to set up the SSL certificates on all of your domain names. If they don’t know about this issue and won’t take care of it for you, then transfer the domain to a domain name registrar that will work with you on this.
- If you park your domain names, then consider setting them all up with a provider such as Cloudflare. Cloudflare gives you a free SSL certificate, and you can then point the domain name to a for sale landing page or a domain parking company. You can actually also set up redirects there on Cloudflare as well, so it’s a good option.
I have spoken with several people in the domain name industry that have identified this as a major issue for them. One domain name owner, the owner of BNKS.com, for example, set up the redirect at his domain name registrar and it’s showing the error in some browsers. Others have confirmed that if the domain name is pointed to ns1.godaddy.com and ns2.godaddy.com, the domain name will show this error in the web browser. It is my understanding, according to a representative from GoDaddy, that GoDaddy is working on implementing a resolution to this issue, but it won’t be until later in 2023 when they have this SSL issue working properly.
What I recommend is that you check your list of domain names, every single domain name that you own, and manually try to load them in the web browser. If you get the “not secure” error, you have this problem. If you have any questions about this issue or anything related to SSL or https and your website or domain name, feel free to get in touch with me.