We should be able to support domain redirects toe CMS domains, without necessarily having the appropriate certificates. Although we could use LetsEncrypt for free certificates.
