Problems forwarding apex domain if user types https:// before domain

I just moved DNS for a domain that just redirects to another domain. It is MOSTLY working with one extremely annoying problem.

These all work and redirect to the other domain without a problem:

but the apex domain will not redirect if the user types https:// before it:

This will generate an error in the browser. When I use curl -v on both https://www and https://, I noticed that the www subdomain is being handled by Cloudflare (on a Cloudflare IP) and the handshake with the cert (Cloudflare’s) works just fine, but the apex domain shows it being forwarded to the forwarding site’s IP, not at all being interpreted on Cloudflare like www.

Both the apex domain and www DNS (both A records, btw) are pointing to the same place (not that it should matter, since there is a forwarding/redirect rule set up for both).

Anyone know why this is happening and how to get the apex domain to redirect to the other domain without error like all the others do? Do I have to install a cert on the redirect domain to accept requests from this domain?

What is the domain? (which should just forward all requests of any type to

Been trying everything:

  • Bulk Redirects
  • Single site Redirect Rules
  • Redirecting main to www (because www works)

No matter what I try, Cloudflare will not redirect the apex domain if the URL begins with https (but will, as I said, redirect https://www…). And both apex and www subdomains work fine without https.

The redirect as mentioned above works fine on my end?



All combinations seem to work ok…


Well this is very strange. When I switch to using my phone’s hotspot instead of my home router, it works for me too! Thanks! I will try to figure out what crazy thing on my router might be preventing this…

Just a quick follow-up: My router did not have a DNS server set, so it must have just been using whatever my provider gives out, and it definitely did not like redirecting. When I put in (Cloudflare’s) it worked as one expected. Thanks for testing that, it would not have occurred to me right away since all the others worked as expected.

It could be your home router’s ISP’s DNS resolver that still has the older information cached, from before you added or changed the DNS record(s).

They will expire at some point; however, each DNS resolver operator can have different policies, where they may eventually ignore and either raise (longer wait times) or reduce (shorter wait times) for DNS propagation.

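An added example, not part of the original thread: a standard-library Python check for the situation discussed above. It asks several resolvers for the same A record and reports which ones disagree with a reference resolver, along with the TTL each cached answer has left. The hostname and resolver addresses are passed on the command line; `example.com`, `192.0.2.10` and the sample response bytes are constructed for illustration.

```python
import socket, struct, sys

def build_query(name, qid=0x1234):
    """Minimal DNS query for the A record of `name`, recursion desired."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _skip_name(msg, off):
    """Offset just past a name: plain labels, or a 2-byte compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Return [(ip, remaining_ttl_seconds)] for each A record in the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4            # skip QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):   # A / IN / IPv4
            records.append((socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    return records

def ask(resolver, name, timeout=3.0):
    """Send one UDP query to `resolver` and return its parsed A answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return parse_a_records(s.recv(4096))

def differing(answers, reference):
    """Resolvers whose A set differs from the reference's (a hint of stale cache, not proof)."""
    want = {ip for ip, _ in answers[reference]}
    return sorted(r for r, recs in answers.items() if {ip for ip, _ in recs} != want)

# Constructed sample: response for example.com with one A record, TTL 300.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + build_query("example.com")[12:]
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("192.0.2.10"))

if __name__ == "__main__":  # usage: script.py NAME REFERENCE_RESOLVER OTHER_RESOLVER...
    got = {r: ask(r, sys.argv[1]) for r in sys.argv[2:]}
    print(got, "differ from reference:", differing(got, sys.argv[2]))
```

A caching resolver that still holds the old record returns a TTL that counts down across repeated runs, which shows how long the stale answer will persist.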
