Does redirecting a secure domain require an ssl certificate on both domains?

Question

I'm hosting a site on Microsoft Azure and I need to add a redirect from the old domain (domain1.com) to a new domain (www.domain2.com). The problem I'm having however is that the redirect works fine on insecure url's :

http://domain1.com -> https://www.domain2.com

http://www.domain1.com -> https://www.domain2.com

However it doesn't work properly on secure url's:

https://domain1.com -> https://www.domain2.com

https://www.domain1.com -> https://www.domain2.com

What happens is that I get a certificate warning i.e. the given certificate isn't valid for this domain. If i accept the warning, the redirect occurs to the new domain just fine.

This shows me everything is working fine, it's just that ssl is negotiated before the redirect occurs in the browser and because there is no ssl certificate on the first domain I get the warning. Is this correct?

Is there something I'm missing here? Is there a better way to do this? Do I need an ssl certificate on both domains?

Here is my web.config file so you can see my configuration:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <!-- Don't show directory listings for URLs which map to a directory. -->
    <directoryBrowse enabled="false" />
    <rewrite>
      <rules>
        <rule name="Protect files and directories from prying eyes" stopProcessing="true">
          <match url="\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$" />
          <action type="CustomResponse" statusCode="403" subStatusCode="0" statusReason="Forbidden" statusDescription="Access is forbidden." />
        </rule>

        <rule name="Force simple error message for requests for non-existent favicon.ico" stopProcessing="true">
          <match url="favicon\.ico" />
          <action type="CustomResponse" statusCode="404" subStatusCode="1" statusReason="File Not Found" statusDescription="The requested file favicon.ico was not found" />
          <conditions>
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
          </conditions>
        </rule>

        <!-- Rewrite URLs of the form 'x' to the form 'index.php?q=x'. -->
        <rule name="Short URLs" stopProcessing="true">
          <match url="^(.*)$" ignoreCase="false" />
          <conditions>
            <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
            <add input="{URL}" pattern="^/favicon.ico$" ignoreCase="false" negate="true" />
          </conditions>
          <action type="Rewrite" url="index.php?q={R:1}" appendQueryString="true" />
        </rule>

        <rule name="Redirect old-domain to new-domain" stopProcessing="true" enabled="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" pattern="^(www.)?domain1.com$" />
          </conditions>
          <action type="Redirect" url="https://www.domain2.com/{R:0}" appendQueryString="true" redirectType="Permanent" />
        </rule>

        <rule name="WWW Rewrite" enabled="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" negate="true" pattern="^www\." />
            <add input="{HTTP_HOST}" negate="true" pattern="localhost" />
          </conditions>
          <action type="Redirect" url="https://www.domain2.com/{R:0}" appendQueryString="true" redirectType="Permanent" />
        </rule>

        <!-- Force HTTPS Starts -->
        <rule name="Force HTTPS" enabled="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://www.domain2.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
        </rule>
        <!-- Force HTTPS Ends -->

      </rules>
    </rewrite>

    <httpErrors>
      <remove statusCode="404" subStatusCode="-1" />
      <error statusCode="404" prefixLanguageFilePath="" path="/index.php" responseMode="ExecuteURL" />
    </httpErrors>

    <defaultDocument>
      <!-- Set the default document -->
      <files>
        <remove value="index.php" />
        <add value="index.php" />
      </files>
    </defaultDocument>
  </system.webServer>
</configuration>

Answer 1

This can be done with GoDaddy and Wix as well. On GoDaddy you tell it you want to forward to an existing website, pick Wix and it brings you to a page to fill in the info you need from Wix. On the Wix side you tell it you want to add a domain as a "pointing" type and it will give you the info to copy/paste into GoDaddy. Took about 30 mins for mine to go through but it re-directed without complaining about the certs.

Answer 2

While the above answer is correct, there is something powerful with Google Domains. It allows you to, under advanced settings, to redirect with HTTPS, without needing an SSL certificate. I haven't seen it with other registrars besides Google Domains, and I should note that they don't support ever TLD. Assuming you've registered or transferred the domain in question over to Google Domains, here's how to implement it:

1. Navigate to Google Domains and click into the domain you want to redirect
2. Open the menu Menu, if applicable.
3. Click Website .
4. Under "Forward to an existing webpage, click; Add a forwarding address.
5. Enter a URL or IP address in the "Website URL" field.
6. Open 'Advanced Settings', and optionally select Permanent redirect (301) or Temporary
7. Then, under FORWARDING OVER SSL, select SSL on
8. click Forward to save your settings and that's it!

Answer 3

You will be able to redirect non-secure URL to the HTTP/HTTPs. But you won’t be able to redirect HTTPS URL (https://domain1.com) to any HTTP/HTTPs (https://www.domain2.com) unless you have installed valid SSL certificate.

http://domain1.com -> https://www.domain2.com [YES, with or without SSL]
http://www.domain1.com -> https://www.domain2.com [YES, with or without SSL]

And,

https://domain1.com -> https://www.domain2.com [Required Valid SSL certificate for domain1.com]
https://www.domain1.com -> https://www.domain2.com [Required Valid SSL for domain1.com]

That’s why you are getting error as ‘the given certificate isn't valid for this domain’ because you have not valid certificate. Please note you have to install SSL certificate on both OLD and NEW domain if you want old URLs to redirect on new HTTPS URLs.