HTTPS Redirect To HubSpot - What is Best Practice?



DNS services cannot provide a 301 redirect for HTTPS. I'm migrating to HubSpot from a homegrown PHP environment hosted on Apache. What is the recommended best practice for redirecting the HTTPS links to my site?

TL;DR Details

I'm moving my company website to HubSpot COS. All our content is hosted on the root domain:

So, now we are going to have to implement redirects like this that work the HTTPS. --> --> -->

What's the suggested best practice to solve this? I'm thinking of an Amazon cloudflare / s3 / route 53 setup like described here:

But, I'd like to know what HubSpot recommends? What's best practice? What has worked for others?

Why Can't CMS (COS) Pages Be Hosted On Root Domain?

Hi @khookguy, looks like you got help from @boulter on this thread: Why Can't CMS (COS) Pages Be Hosted On Root Domain?. To confirm, you should be able to contact Support or your CSM in order to be ungated for Apex redirects.


Hi Connor. Thanks, but Apex redirects don't solve the problem I'm asking about here. HTTPS cannot be redirected by the DNS provider. So, I'm asking what people usually do in order to redirect to


Your DNS service provider can probably do this for you.


A DNS service cannot redirect HTTPS traffic. They cannot host the necessary SSL certificate. Its a technical limitation. My DNS service cannot advise me on how to do this because they don't know how. They told me to ask HubSpot.

There are a variety of work-arounds described out there on the web. I'm asking for HubSpot's recommendation on the best solution.

Surely somebody on your technical team has dealt with this issue? It must come up whenever a company migrates an existing site to HubSpot.



Hey @khookguy, this is how I advise customers with this question.

Having the secure apex domain redirect to the subdomain hosted on HubSpot most of the time is not necessary. Visitors seldom type "https://" before visiting a page. The main reason you would want this is if you hosted content under the secure apex domain ( before migrating your website to HubSpot; your pages may still be indexed by Google under the secure apex domain. To confirm if this is the case, you can enter into Google to search for only pages under that domain.

If this type of redirect is necessary, then a solution would need to implemented outside of HubSpot. This is a sophisticated DNS change, which is outside of the scope of what we can support, but we are happy to offer recommendations to point you in the right direction. Below are some options to consider:

  • Using a third-party service, such as EasyRedir, that provides this functionality and has support to help every step of the way.
  • Find a DNS provider that supports this functionality. Most DNS providers do not have this functionality, but Cloudlare is one that does.
  • Purchase a server, install an SSL certificate on that server, and configure that server to forward traffic from the secure apex domain.

I hope this helps!


Hi Brandon,

Thanks for your advice. In particular, thanks for confirming that this is non-trivial and describing some of the options.

IMHO the following is not good advice to your customers to have been using HTTPS apex domain as their standard URL. These days, this is pretty common. So, I would think that HubSpot would want to publish some content / case studies about how people handle it. For us, we have 100s of links to - with big SEO value, and these links send us lots of leads.

Again, thanks for the help. I just discussed this with our technical team. Since we use a load balancer, they think we will be able to use that to redirect both HTTP and HTTPS to


Glad to help! My response was more of a framework for answering this question, but you're correct when the website is hosted under the secure apex before migrating then it's absolutely necessary to set it up for redirection to preserve SEO and ensure previous links do not break.


FYI, we just helped another firm with this same problem. In case anyone else is reading this, our solution (for them) was this:

(1) DNS points root ( to Amazon CloudFront which can host the SSL cert and handle HTTPS
(2) CloudFront has origin set to Amazon S3 folder (
(3) S3 is setup for a 301 redirect to

This setup seems to be working fine for them.

If anyone is interested in talking to me about the details, message me on @khookguy or send an email to