Can I configure Google Domains to redirect a bare domain to a subdomain over HTTPS?

Google has very recently added an option to support redirect over SSL. Not sure how this is being done but it appears that Google is setting up their own SSL cert to make this possible. Enabling this feature shows a message "This synthetic record has an error and will not function correctly: The SSL Certificate for this domain hasn't been created yet. This process may take up to 24 hours to complete."

Setup and tested this and it works well.

However Google is handling this redirection service, you can't configure anything more than one subdomain to another (or bare, vice versa). This means no redirection code (301 vs 302), no installing an SSL certificate to respond over HTTPS, etc.

I'm hosting more sites at places like Heroku these days, where we don't get a static IP address and need to add a CNAME record for a subdomain. DNS doesn't typically support adding a CNAME to the bare domain, which is a good thing since it could conflict with other records on the bare domain like MX.

Cloudflare has been my preferred approach to this. Free DNS management (including redirects) and DoS mitigation along with SSL that supports modern browsers. For a broader range of browser coverage, add-on a dedicated SSL for $5/mo and you've got a great package all around.