I was thinking you could use a self-signed certificate since the domain would only be used by you and only for redirecting clicks. You won't have ecommerce transactions occurring on that domain.
But I'm not sure, now that I think about it, that a surfer's browser might not pop a warning message about it not being a signed Certificate Authority certificate.
If someone has a testing server and some free time, this could be worth knowing for sure. But until then I'm not suggesting it's a workable solution since there might be device/system/browser combinations where it won't do what you want.