Need to redirect http to https

Melody Scott
Melody Scott used Ask the Experts™
on
Hi, we have a site, seniormealsolutions.com, which for reasons I won't go into doesn't yet have an SSL certificate.

if you go to the http version, you get the proper site.

If you go to the https:// version, you see our main site, magickitchen.com, but with the seniormealsolutions.com still in the address window. I am worried that this will show to Google as duplicate content, would it?

I've tried various ways to redirect https to http, in .htaccess, with no success so far. here's what I've tried:
RewriteEngine on
RewriteCond %{HTTPS} on
RewriteRule ^/?$ http://%{SERVER_NAME}/ [R=301]
RewriteRule ^inner/directory/?$ http://%{SERVER_NAME}/inner/directory/ [R=301,L]

Open in new window



RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} =https
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Open in new window


<VirtualHost *:443>
  SSLEnable

  RewriteEngine On
  RewriteCond %{HTTPS} on
  RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}

</VirtualHost>

Open in new window


RewriteEngine On
RewriteCond %{SERVER_PORT} 443
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Open in new window


RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
David FavorFractional CTO
Distinguished Expert 2018

Commented:
Sounds you might have missed doing...

a2ensite seniormealsolutions.com

Open in new window

So you're hitting the default site, rather than your site.

Likely the following command will show you the problem...

apache2ctl -S

Open in new window

You're likely hitting the other site due to not having a cert for seniormealsolutions.com, but right now that the least of your concerns.

Currently anybody visiting https://www.seniormealsolutions.com will get a security warning indicating the certificate is invalid and their data may be at risk. (screen shots for Chrome and Firefox attached)

This could lead to trust issues regarding the site.

Personally I would remove the 443 redirect for the site until you are able to obtain a valid certificate
sshot2.jpg
sshot3.jpg
David S.Consultant & Challenge Subduer
Top Expert 2009

Commented:
As far as acquiring an SSL certificate, are you aware that Let's Encrypt provides basic ones for free?
Announcing the Winners!

The results are in for the 15th Annual Expert Awards! Congratulations to the winners, and thank you to everyone who participated in the nominations. We are so grateful for the valuable contributions experts make on a daily basis. Click to read more about this year’s recipients!

Author

Commented:
Hi, David S. yes, but I don't have access to the server, and the person who manages it is too busy to add the SSL certs.

I'm not an Apache person, I'm just trying to fix this as a temporary measure. So, David F. I can't do that command either. I'll see if the person running the server can run it, thanks.

Author

Commented:
Hi- someone said Personally I would remove the 443 redirect for the site. I am not clear on what that is. I'll google it, but if anyone could:

1. Tell me if this seeing the original site is a really bad thing?
2. Tell me if it's possible to use htaccess to redirect https requests to http?

Thanks.

Author

Commented:
Ok, a 443 redirect sends users using http to https, right? I don't believe we have that in place, in fact I am trying to do the opposite. Thanks.
Most Valuable Expert 2017
Distinguished Expert 2018

Commented:
Try adding this to your .htaccess

RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://www.seniormealsolutions.com/$1 [R,L]

Open in new window


Having said that - something is already doing the redirect to https - here is that happening.

What does your full .htaccess look like.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
You said, "Personally I would remove the 443 redirect for the site until you are able to obtain a valid certificate."

You are correct.

If you...

1) Have no SSL cert.

2) Have HSTS enabled.

3) Then redirect all traffic to an https (443) URL.

Your site will then become inaccessible.

Best defer all this work, till after you acquire your cert...

Which should take 30 seconds, to use https://LetsEncrypt.org for acquiring a free cert.

Author

Commented:
I know, getting the certs would be fast. We have 5 sites like this. I'm not sure how long it would take our server manager/cart developer to put them in place.

Author

Commented:
Julian, thanks. Here's the htaccess file, with my most recent attempt to send https to http. Before that it was just the 404 piece and the caching piece.

So it seems the redirect is on the server then?

Author

Commented:
sorry didn't upload the file!
htaccess.txt

Author

Commented:
I tried RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://www.seniormealsolutions.com/$1 [R,L] on mkmeals.com, didn't work.  Thanks for your help, everyone, I think I need to toss this back to the man who manages the server.
Most Valuable Expert 2017
Distinguished Expert 2018

Commented:
I am confused as to why when you go to https://seniormealsolutions.com it goes to https://magickitchen.com ?

Did I understand your OP correctly in that is what is happening?

In which case - where is the redirect to magickitchen.com happening?

Author

Commented:
I am just as confused. The developer says we just need to add a redirect https to http.

Is it actually redirecting? Because the address bar doesn't change. This is something I just noticed yesterday, and I know all of you are right, we need to get those SSL certs in place. But I don't know why this is happening.

I have to assume the redirect is on the server.
I have to assume the redirect is on the server.

We'd need to see your config, but
<virtualhost *:443>

Open in new window

is where you'd need to look  

Because seniormealsolutions.com doesn't have a certificate, the profile for magickitchen.com is being loaded

If you have a listing for:

<virtualhost *:443>
ServerName seniormealssolutions.com
</virtualhost>

Open in new window


Removing, or commenting it out might resolve the issue
Why don't you have / get a certificate for seniormealsolutions.com??

Author

Commented:
I can get one, but the man who runs the server has to put it on, and he never has time. Thanks so much for that.

Author

Commented:
Thanks, everyone.  I'll talk to the owner to see if he wants to push to get this done in this busy season, and if not, will take Julian's recommendation of commenting out a section on the server, (again if developer can make the time).
but the man who runs the server has to put it on, and he never has time

Have you considered looking for a different host / developer? Adding a cert takes all of 5 min (if that)

Good luck

Ken

Author

Commented:
Thanks, Ken. The man does procrastinate. :)

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial