2

I have a main domain and a couple of secondary domains hosted by a commercial web hosting service using Apache servers. Each domain has its own .htaccess file. I have only one SSL certificate, which is all I need, for the main domain.

However, if I type in the URL box (or a search engine directs to) HTTPS://secondarydomain.com, I get the web page warning about an invalid security certificate. When I confirm the exception, the browser displays the maindomain that is bound to the certificate. I read the post: SSL priority. Is there nothing at all that I can do in this scenario to redirect from HTTPS to HTTP for the secondary domains?

EDIT for clarification: I want the server to apply SSL certificate only to the main domain. The sub-domains are wholly unrelated domains. It is only confusing to people visiting those sub-domains to see a SSL certificate with the name of an unrelated website. That is why I was hoping there was something I could put in the .htaccess files of those subdomains to make the server bypass or ignore the SSL certificate of the main domain.

EDIT: I also tried an unconditional redirect with these lines in .htaccess

RewriteEngine on
Redirect / "http://m y d o m a i n .com/"
harpagornis
  • 21
  • 4
  • 2
    I have answered an exact duplicate here: [it is possible](https://serverfault.com/a/846833/274176). Please upvote that answer if it's suitable for your situation. – Esa Jokinen May 17 '17 at 17:27
  • Possible duplicate of [Apache with mixed http only and http/s virtualhost](https://serverfault.com/questions/846778/apache-with-mixed-http-only-and-http-s-virtualhost) – Esa Jokinen May 17 '17 at 17:29
  • Huh? A virtual host? – harpagornis May 17 '17 at 21:35
  • 1
    The question is actually of the same situation. The secondary domains are called `VirtualHost`s in Apache's configuration. – Esa Jokinen May 17 '17 at 21:39
  • And I am able to configure Apache on a third-party web host how? – harpagornis May 17 '17 at 21:44
  • 1
    If you want https URLs to work you obviously need a valid certificate for the domain. And once you have a valid certificate for the domain, I don't see why you would want to redirect to http in the first place. – kasperd May 29 '17 at 06:36
  • There's a few reasons. I need it becaue I have an express server running at port 8443 and I need it to be accessed via https from the main apache server. @kasperd – FabricioG Nov 13 '18 at 19:28

1 Answers1

1

We also encountered scenarios before where we had client applications that could not support HTTPS that we needed to redirect back to HTTP. We used the Apache redirect permanent on the virtualhost for HTTPS to force redirection back to HTTP for a particular application.

You might be able to use the following reference which they say works with htaccess: https://httpd.apache.org/docs/2.4/rewrite/remapping.html

Here's a snippet that might help you achieve what you want:

<If "%{SERVER_PROTOCOL} != 'HTTP'">
    Redirect / "http://secondarydomain.com/"
</If>

I haven't tried managing the redirection using htaccess since we use virtualhosts but this seems possible also with htaccess.

Elliot Huffman
  • 1,229
  • 1
  • 12
  • 25
Carlo Miguel Cruz
  • 431
  • 4
  • 12