I have removed HTTPS certificate from my blog but still it is getting redirected to HTTPS

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.legittechinfo.com

I ran this command:

It produced this output:

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No, I am using

Hey sir, I issued an SSL certificate for blog a few weeks ago but due to some reasons, I wanted to remove the SSL certificate. So to remove the certificate, I deleted the files associated with that domain and uninstalled the certbot but till today, my blog is redirecting to HTTPS instead of HTTP.
Please help me.

2

Your site isn’t actually redirecting to HTTPS. Just your browser is.

Two reasons this could happen:

  • Your browser is remembering the 301 redirect that used to be there. A 301 redirect is called a “permanent redirect” because browsers will remember it indefinitely.
  • (Less likely) You used to have an HSTS header, but now it’s gone.

The test to figure out which one is happening to you is to visit http://www.legittechinfo.com/?a=dont-cache-me . If it redirects to HTTPS, (2) is probably the case. Otherwise, (1) applies.

You can Google the instructions to clear either the browser cache or the HSTS cache for whatever browser you are using.

3

http://www.legittechinfo.com/ doesn’t redirect to HTTPS.

http://legittechinfo.com/ currently does redirect to https://legittechinfo.com/.

https://legittechinfo.com/ redirects to https://www.legittechinfo.com/.

https://www.legittechinfo.com/ has a certificate error, but doesn’t redirect.

You need to untangle the Apache configuration and virtual hosts, find where the redirects are, and change them.

If the site was using HSTS, you have to send a new HSTS header to undo the old one. And continue supporting HTTPS until the old header expires, if only to redirect to HTTP.

Why do you want to remove HTTPS support?

4

Can you please explain how to do all this.

I want to remove HTTPS because when I issued an SSL certificate for my blog, I got it for https://legittechinfo.com but whenever I try to visit https://www.legittechinfo.com it always says that there is some risk because an SSL certificate has been issued for https://legittechinfo.com but https://www.legittechinfo.com address is also using the same certificate which may lead to risk.

And that’s why I want to remove HTTPS.

If there is some way that I can get SSL setup for both the address http://www.legittechinfo.com and http://legittechinfo.com I have no problem to stay with the HTTPS even I will be thankful to you for that <3

5

It depends on how the existing certificate was created, but it shouldn't be hard to get a new certificate for both names.

How did you create the certificate?

I ran this command:

It produced this output:

For example, if you used "certbot --apache -d legittechinfo.com", you can use "certbot --apache -d legittechinfo.com -d www.legittechinfo.com".

6

Oh okay, so if I install certbot again and run the following command, will everything get fine?

I mean will HTTPS will be activated on my blog?

7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.