I would first like to say, this is not good practice and we should endeavour to have everything on HTTPS 100% of the time but in this case I had a series
Short answer: no, there is not a way to do this.
The connection to https happens before any type of redirection happens. The only thing you can do is buy a cert. Regular domain certs are super cheap these days.
You can get a valid domain cert for $4.99/yr. Then do the redirection so that both https and http are covered.
Or you can turn off your 443 vhost, but the user will get a 404 or connection error page if they try https.
Those are your options. Your users will always get that warning page as long as it's self-signed, and that's by design.
Fundamentally, that's a problem. When communicating over HTTPS, the TLS communication layer is set up before anything is exchanged, i.e. the warning about the certificate happens before any information about the website is transferred. So a certificate is needed to allow a browser to connect when https is defined, self-signed or not.
Ideally, and for 'best practice' we should really be encouraging people to use HTTPS as default (I realise this is an expense and can be annoying with certificates, and whilst there shouldn't be anything wrong with self signed certificates, there often are problems and browser messages etc).
Even if you have an application server which 'can only do http', best practice is generally to front that application server with a web server (such as nginx or lighttpd, or some form of load balancer) which will also provide your https termination, which is what you seem to have done with your httprewrite which forwards the request to your site.
You might find some cheap SSL-certificate providers which are installed in most browsers though?
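
The ordering described in the answers above can be observed on loopback. This is an added example, not part of the original answers: a plain-HTTP listener that only knows how to send a redirect is contacted by a TLS client, and the hostname `example.test`, the function names and the redirect response are all constructed for the demonstration.

```python
import socket
import ssl
import threading

# Constructed plaintext redirect, as a port-80-style vhost would send it.
REDIRECT = (b"HTTP/1.1 301 Moved Permanently\r\n"
            b"Location: http://example.test/\r\n"
            b"Content-Length: 0\r\nConnection: close\r\n\r\n")

def classify_first_bytes(data: bytes) -> str:
    """Label what a listener sees first on a new connection."""
    # TLS record header: content type 0x16 (handshake), then version major 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-client-hello"
    if data.split(b" ", 1)[0] in (b"GET", b"HEAD", b"POST"):
        return "http-request"
    return "unknown"

def run_demo() -> dict:
    """Point a TLS client at a listener that answers with a plaintext redirect."""
    result = {}
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # ephemeral loopback port
    listener.listen(1)
    port = listener.getsockname()[1]

    def serve_once():
        conn, _ = listener.accept()
        with conn:
            conn.settimeout(5)
            result["server_saw"] = classify_first_bytes(conn.recv(4096))
            conn.sendall(REDIRECT)  # no certificate, so no handshake is possible

    worker = threading.Thread(target=serve_once, daemon=True)
    worker.start()
    ctx = ssl.create_default_context()  # normal client-side verification
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname="example.test"):
                result["handshake_ok"] = True
    except (ssl.SSLError, OSError) as exc:
        # The client never parses the 301: it fails while expecting TLS records.
        result["handshake_ok"] = False
        result["client_error"] = type(exc).__name__
    worker.join(timeout=5)
    listener.close()
    return result

if __name__ == "__main__":
    print(run_demo())
```

The listener receives a TLS ClientHello rather than an HTTP request line, and the client aborts during the handshake without ever acting on the redirect, which is why the https side needs a certificate the browser accepts before any redirection can take effect.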