How to redirect from HTTPS to HTTP before server error?
I used to operate a website with an SSL certificate, but have stopped using the SSL certificate. The problem is that most of the external links to the website use the https:// prefix.
I have tried the https:// to http:// redirect in the .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI}
But it seems, as has been pointed out elsewhere, that the server is trying to retrieve the certificate before activating the redirect. Hence, an error is shown before the redirect is ever accomplished. The error is either a warning that the certificate is expired, or if I delete the certificate signing request, then an error that SSL received a record that exceeded the maximum permissible length.
Is there any way to allow the incoming links to be redirected properly?
The difference between HTTP and HTTPS is that HTTPS requests are sent over an SSL-encrypted connection. The SSL-encrypted connection must be established between the browser and the server before the browser sends the HTTP request.
HTTPS requests are in fact HTTP requests that are sent over an SSL-encrypted connection. If the server refuses to establish an SSL-encrypted connection, then the browser will have no connection to send the request over. The browser and the server will have no way of talking to each other. The browser will not be able to send the URL that it wants to access, and the server will not be able to respond with a redirect to another URL.
So this is not possible. If you want to respond to HTTPS links, then you need an SSL certificate.
No. If it were possible to redirect from HTTPS to HTTP without a real certificate, it would be a major security flaw.
Consider a criminal somehow being able to make the bank's secure server redirect to an insecure connection without needing a real HTTPS certificate for the site. It would allow the criminal to hijack the connection without the user knowing about it.
The only solution I can see is to get a cheap certificate and then do a normal redirect from the HTTPS site (which the user can't reach without a valid certificate) to the regular site for those external links.
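The ordering described in the answers, with the TLS connection having to exist before any HTTP request or redirect can travel, shown as an added example that is not code from any of the posts. A local plain-HTTP listener stands in for a server that has no certificate; the host name example.test and the ephemeral port are constructed for the demonstration.

```python
import socket
import ssl
import threading

# Redirect the site owner hoped would be delivered (constructed sample response).
REDIRECT = b"HTTP/1.1 301 Moved Permanently\r\nLocation: http://example.test/\r\n\r\n"


def run_demo():
    """Return (first bytes the plain-HTTP server received, TLS error seen by the client)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))          # local stand-in for port 443
    listener.listen(1)
    port = listener.getsockname()[1]
    seen = {}

    def plain_http_server():
        conn, _ = listener.accept()
        with conn:
            seen["first_bytes"] = conn.recv(4096)  # what an "https://" client sends first
            conn.sendall(REDIRECT)                 # answered in plain text, no TLS

    server = threading.Thread(target=plain_http_server)
    server.start()

    ctx = ssl.create_default_context()       # verifying client, as a browser would be
    error = None
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            # The handshake runs here, before any HTTP data can be written.
            with ctx.wrap_socket(raw, server_hostname="example.test") as tls:
                tls.sendall(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
    except ssl.SSLError as exc:
        error = exc                          # handshake failed, GET was never sent
    server.join()
    listener.close()
    return seen["first_bytes"], error


if __name__ == "__main__":
    first_bytes, error = run_demo()
    print("server received:", first_bytes[:5].hex(), "(0x16 = TLS handshake record)")
    print("client error   :", error)
```

The server only ever receives a TLS ClientHello, never the GET line, so a rewrite rule has no request to act on. The client parsing the plain-text reply as TLS records is the kind of mismatch behind the "record that exceeded the maximum permissible length" message quoted in the question.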