[SOLVED] website still redirects to https after removing certificate

Discussion in 'General' started by Samo_slo, Jun 28, 2016.

  1. Samo_slo

    Samo_slo Member

    I have set up server with the how to for the perfect server ubuntu 14.04 and i have a problem with ssl certificates. I have enabled SNI because i have only 1 IP and i have http and https sites on same IP.
    When i set up the ssl sites they work perfectly with no complications. But i removed the certificate for 1 web site and it still forces https conection even if i write "http://website.si" in the browser firefox. In chrome the site works after i enterd the whole address, before it allways connected over https.
    I deleted the cert with Web Domain -> SSL -> SSL Action, uncheckt the SSL option Web Domain ->Domain and deleted the website.key in the ssl folder. The vhost file for the site has only the Vhost for 80 port<VirtualHost 123.123.123.123:80> and not for the 443. (thats not my real IP).
    I can't use mod_rewrite because the recuest has to go trough before the rules apply, or so every one saies on the internet.

    How can i force this site to connect trough httpor PORT 80?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Check your cms system, it might do the redirect.
     
  3. Samo_slo

    Samo_slo Member

    nope don't use cms... in the end ispconfig 3 worked great the problem was firefox and it's auto-complete function where simply clearing the cache didn't work. It's still the problem if users have bookmarked it as https and google search still gives the https address but i requested googlebot to go through page.
    But is there a way to force the site to redirect from https to http as you can the other way from http to https in .htaccess?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    That's possible, but requires https for the site as if there is no https site, then there is no place where a redirect could happen.

    Add the ssl cert again, turn on https and then add a redirect in the .htaccess file from https to http.
     
    Samo_slo likes this.
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    If your https site previously sent a Strict-Transport-Security header, it might well be dated/valid for a long time to come, and it's purpose is to do exactly what you're seeing, force all http requests to go to https. This should work for firefox: https://support.mozilla.org/en-US/questions/919498 I don't know what to do for google search indexing if they picked up such a header, but I'd imagine a little google searching will find the answer if needed.
     
    Samo_slo likes this.

Share This Page