Melody Scott asked:

Need to redirect http to https

Hi, we have a site, seniormealsolutions.com, which for reasons I won't go into doesn't yet have an SSL certificate.

If you go to the http version, you get the proper site.

If you go to the https:// version, you see our main site, magickitchen.com, but with the seniormealsolutions.com still in the address window. I am worried that this will show to Google as duplicate content, would it?

I've tried various ways to redirect https to http, in .htaccess, with no success so far. Here's what I've tried:
RewriteEngine on
RewriteCond %{HTTPS} on
RewriteRule ^/?$ http://%{SERVER_NAME}/ [R=301]
RewriteRule ^inner/directory/?$ http://%{SERVER_NAME}/inner/directory/ [R=301,L]


RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} =https
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


<VirtualHost *:443>
  SSLEnable

  RewriteEngine On
  RewriteCond %{HTTPS} on
  RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}

</VirtualHost>


RewriteEngine On
RewriteCond %{SERVER_PORT} 443
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]


RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

David Favor

Sounds like you might have missed doing...

a2ensite seniormealsolutions.com

So you're hitting the default site, rather than your site.

Likely the following command will show you the problem...

apache2ctl -S
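
To show what the `apache2ctl -S` check above is looking for, here is an added example (not part of the original post and not the site's real configuration) that parses that command's vhost dump and lists every name served on port 80 with no matching port 443 vhost, which Apache therefore answers from the default 443 vhost. The sample output is constructed, the Apache 2.4 dump layout is assumed, and the function names are hypothetical.

```python
import re

# Constructed sample of `apache2ctl -S` output: host names come from the
# question, file paths are made up. Port 443 has one vhost, port 80 has two.
SAMPLE = """\
VirtualHost configuration:
*:443                  magickitchen.com (/etc/apache2/sites-enabled/main-ssl.conf:2)
*:80                   is a NameVirtualHost
         default server magickitchen.com (/etc/apache2/sites-enabled/main.conf:1)
         port 80 namevhost magickitchen.com (/etc/apache2/sites-enabled/main.conf:1)
         port 80 namevhost seniormealsolutions.com (/etc/apache2/sites-enabled/sms.conf:1)
                 alias www.seniormealsolutions.com
"""

LISTEN = re.compile(r"^\S+:(\d+)\s+(\S+)")   # "*:443 <name> (...)" or "*:80 is a NameVirtualHost"
DEFAULT = re.compile(r"^\s+default server (\S+)")
NAMED = re.compile(r"^\s+port \d+ namevhost (\S+)")
ALIAS = re.compile(r"^\s+(?:wild )?alias (\S+)")

def parse(text):
    """Return ({port: names served}, {port: default vhost name})."""
    names, defaults, port = {}, {}, None
    for line in text.splitlines():
        if m := LISTEN.match(line):
            port = int(m.group(1))
            names.setdefault(port, set())
            if m.group(2) != "is":           # a lone vhost is also the default
                names[port].add(m.group(2))
                defaults[port] = m.group(2)
        elif port is None:
            continue
        elif m := DEFAULT.match(line):
            defaults.setdefault(port, m.group(1))
        elif m := (NAMED.match(line) or ALIAS.match(line)):
            names[port].add(m.group(1))
    return names, defaults

def https_fallthrough(text):
    """Map each name served on port 80 but not on 443 to the 443 default vhost."""
    names, defaults = parse(text)
    if 443 not in defaults:
        return {}                            # nothing listens on 443
    missing = names.get(80, set()) - names.get(443, set())
    return {name: defaults[443] for name in sorted(missing)}

if __name__ == "__main__":
    for name, default in https_fallthrough(SAMPLE).items():
        print(f"https://{name} is answered by the 443 default vhost: {default}")
```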


You're likely hitting the other site due to not having a cert for seniormealsolutions.com, but right now that's the least of your concerns.

Currently anybody visiting https://www.seniormealsolutions.com will get a security warning indicating the certificate is invalid and their data may be at risk. (screen shots for Chrome and Firefox attached)

This could lead to trust issues regarding the site.

Personally I would remove the 443 redirect for the site until you are able to obtain a valid certificate.
sshot2.jpg
sshot3.jpg
As far as acquiring an SSL certificate, are you aware that Let's Encrypt provides basic ones for free?
Melody Scott (ASKER)

Hi, David S. Yes, but I don't have access to the server, and the person who manages it is too busy to add the SSL certs.

I'm not an Apache person, I'm just trying to fix this as a temporary measure. So, David F., I can't do that command either. I'll see if the person running the server can run it, thanks.
Hi - someone said, "Personally I would remove the 443 redirect for the site." I am not clear on what that is. I'll Google it, but if anyone could:

1. Tell me if this seeing the original site is a really bad thing?
2. Tell me if it's possible to use htaccess to redirect https requests to http?

Thanks.
Ok, a 443 redirect sends users using http to https, right? I don't believe we have that in place, in fact I am trying to do the opposite. Thanks.
Try adding this to your .htaccess

RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://www.seniormealsolutions.com/$1 [R,L]


Having said that - something is already doing the redirect to https - here is that happening.

What does your full .htaccess look like?
You said, "Personally I would remove the 443 redirect for the site until you are able to obtain a valid certificate."

You are correct.

If you...

1) Have no SSL cert.

2) Have HSTS enabled.

3) Then redirect all traffic to an https (443) URL.

Your site will then become inaccessible.

Best defer all this work, till after you acquire your cert...

Which should take 30 seconds, to use https://LetsEncrypt.org for acquiring a free cert.
I know, getting the certs would be fast. We have 5 sites like this. I'm not sure how long it would take our server manager/cart developer to put them in place.
Julian, thanks. Here's the htaccess file, with my most recent attempt to send https to http. Before that it was just the 404 piece and the caching piece.

So it seems the redirect is on the server then?
Sorry, didn't upload the file!
htaccess.txt
I tried

RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://www.seniormealsolutions.com/$1 [R,L]

on mkmeals.com, didn't work. Thanks for your help, everyone, I think I need to toss this back to the man who manages the server.
I am confused as to why when you go to https://seniormealsolutions.com it goes to https://magickitchen.com ?

Did I understand your OP correctly in that is what is happening?

In which case - where is the redirect to magickitchen.com happening?
I am just as confused. The developer says we just need to add a redirect https to http.

Is it actually redirecting? Because the address bar doesn't change. This is something I just noticed yesterday, and I know all of you are right, we need to get those SSL certs in place. But I don't know why this is happening.

I have to assume the redirect is on the server.
ASKER CERTIFIED SOLUTION
kenfcamp

This solution is only available to members.
I can get one, but the man who runs the server has to put it on, and he never has time. Thanks so much for that.
Thanks, everyone. I'll talk to the owner to see if he wants to push to get this done in this busy season, and if not, will take Julian's recommendation of commenting out a section on the server (again, if developer can make the time).
"but the man who runs the server has to put it on, and he never has time"

Have you considered looking for a different host / developer? Adding a cert takes all of 5 min (if that).

Good luck

Ken
Thanks, Ken. The man does procrastinate. :)