diff --git a/lib/validate.js b/lib/validate.js
index 2788c78b31aaf44954ef3843966614265cadc11e..c95d787f46a802cee6082a0bd773c62d47049de4 100644
--- a/lib/validate.js
+++ b/lib/validate.js
@@ -43,7 +43,7 @@ var types = {
     https?:\/\/                 // starts with http:// or https://
     (?=.{1,254}(?::|$))         // hostname must be within 1-254 characters
     (?:                         // match hostname part (<part>.<part>...)
-      (?!\d|-)                  // cannot start with a digit or dash
+      (?!-)                     // cannot start with a dash (allow it to start with a digit re issue #2042)
       (?![a-z0-9\-]{1,62}-      // part cannot end with a dash
         (?:\.|:|$))             // (end of part will be '.', ':', or end of str)
       [a-z0-9\-]{1,63}\b        // part will be 1-63 letters, numbers, or dashes
@@ -53,7 +53,7 @@ var types = {
     (:\d+)?                     // optional port
     $/i;                        // end; case-insensitive
     */
-    var regex = /^https?:\/\/(?=.{1,254}(?::|$))(?:(?!\d|-)(?![a-z0-9\-]{1,62}-(?:\.|:|$))[a-z0-9\-]{1,63}\b(?!\.$)\.?)+(:\d+)?$/i;
+    var regex = /^https?:\/\/(?=.{1,254}(?::|$))(?:(?!-)(?![a-z0-9\-]{1,62}-(?:\.|:|$))[a-z0-9\-]{1,63}\b(?!\.$)\.?)+(:\d+)?$/i;
     if (typeof x !== 'string' || !x.match(regex)) {
       throw new Error("not a valid origin");
     }
diff --git a/tests/simple-stage-user-utf8-password.js b/tests/simple-stage-user-utf8-password.js
index cdd07a8dafbd20b7d17f081a8ecd3211c645892d..b16e10a744a9256f8860bb7807c57f4df53289a0 100755
--- a/tests/simple-stage-user-utf8-password.js
+++ b/tests/simple-stage-user-utf8-password.js
@@ -22,7 +22,7 @@ start_stop.addStartupBatches(suite);
 const
 TEST_DOMAIN = 'example.domain',
 TEST_ORIGIN = 'http://127.0.0.1:10002',
-TEST_SITE = 'http://example.com:652';
+TEST_SITE = 'http://dev.123done.org';
 
 // This test simply stages a secondary user. It does so for two users,
 // one with a password that is only ascii, and the other with non-ascii