G Suite Custom URLs

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mango wave.com

I ran this command: requesting a custom urls “mail.mangowave.com”, “calendar.mangowave.com”, or “drive.mangowave.com

It produced this output: ERR_CONNECTION_CLOSED because domains were loaded using https

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: fastcomet.com

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

my website is running correctly but it seems the issue is mainly with Safari and Chrome browsers; when accessing the custom urls (“mail.mangowave.com”, “calendar.mangowave.com”, or “drive.mangowave.com”) I get the following error: ERR_CONNECTION_CLOSED.

However, when I access them in Microsoft Edge browser, it loads correctly. It seems that this has to do with the fact that Safari and Chrome insist on loading the sites with https:// instead http:// even when I type it out it’s redirecting to https.

Any idea as to why?

1 Like

Hi @sdaouk,

Your main domain sends this header:

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

The meaning of that header is that you want to request all browsers in the world to request all subdomains of mangowave.com via HTTPS only. If that’s not the behavior that you want, you should exclude includeSubDomains or not send this HSTS header at all.


I made the changes and now my domain according to: https://hstspreload.org doesn’t have HSTS preloaded but the other subdomains do? Any ideas?

Hi @sdaouk,

According to Google GSuite help article, it’s currently impossible to obtain a certificate for your GSuite custom domains (links / urls) when you point the server directly onto Google CNAMEs.


Your domain is set up with a security measure, such as HTTP Strict Transport Security, which requires HTTPS connections. The Admin console supports only HTTP connections for custom URLS, so you can’t customize service addresses for your domain. You can check the HTTP Strict Transport Security status for your domain at https://hstspreload.org.

Thank you

1 Like

The custom domains Google sets up are just redirects from https://‍[service].[yourdomain]/ to
https://‍[service].google.com/‍a/‍[yourdomain]. You can have your own server do that instead. (Yes,it should be handled by Google, but doing it yourself is a one-time mild annoyance.)


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.