diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 494172aedf..8d4cdba716 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,6 +3,7 @@ class ApplicationController < ActionController::Base
 
   before_filter :load_data_for_menu
   before_filter :load_data_for_sidebar
+  before_filter :require_certified_hostname
 
   private
   def load_data_for_menu
@@ -34,6 +35,17 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  # There are several domains that point to the production server, but only one
+  # (vic.openfoodnetwork.org) that has the SSL certificate. Redirect all requests to this
+  # domain to avoid showing customers a scary invalid certificate error.
+  def require_certified_hostname
+    certified_host = "vic.openfoodnetwork.org"
+
+    if Rails.env.production? && request.host != certified_host
+      redirect_to "http://#{certified_host}#{request.fullpath}"
+    end
+  end
+
 
   # All render calls within the block will be performed with the specified format
   # Useful for rendering html within a JSON response, particularly if the specified