Question Completely Disable SSL

[Tuğrul Yusuf Tahmaz]

Hello, this is my first post.

When I started to use Plesk on my VDS, Google indexed my some pages as https which is I don't want. When I disable SSL from panel I see certificate warning. I only need refuse https connections if user request.

I know tons of site like this. If you try to access https://plesk.xxx for example, it has to say page not found. This is what I need to do.

I read tons of things about .htaccess rules. But still can't find the solution. I don't want to google index my pages with https anymore. I don't have valid https certificate and I don't want to buy...

Thanks for help.

 

[Bitpalast]

It is strongly discouraged to disable SSL. Google had published information before that it will rank SSL pages higher than non-SSL pages. Its intention is to drive people to using SSL only some day.

If you still want to control the response on SSL yourself, e.g. direct to a non-SSL page, when SSL was requested, you could add these lines to the beginning of your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L]

If instead you do not want to return any output at all, but a 404 not found error:

RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L]
RewriteRule ^ - [L,R=404]

Again, this is the wrong approach. It is much better to install an SSL certificate (e.g. a free Let's Encrypt certificate), then set your pages to appropriately deliver SSL conent (e.g. by changing all the references in your website from http:// to https:// URLs).

 

[Tuğrul Yusuf Tahmaz]

Hi Peter Debik,

At first thank you very much for your quick reply. I made your first solution which is redirecting https to http. When user click indexed https url's, it is redirecting to http. It is ok.

But the question is, although I did that, is Google going to index my https pages again? is that possible? When spiders come back again they will fix url's as http instead of https next time?

Note: Also I've added "<link rel="canonical" href="http://www.mysite.try/">" code to my header.php

 

[Bitpalast]

Google will likely prefer the SSL version over the non-SSL version for its index. I am not sure whether it recognizes that the non-URL version ought to be used. Maybe you should add a 301 code to the response like this:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This indicateds "Moved permanently", so that a spider should update their index accordingly. I am not sure whether the solution does not already send a 301 by default (have not tested that). After all, Google will do whatever it thinks it wants to do.[/code]

 

[Tuğrul Yusuf Tahmaz]

I've already added 301 myself. Thank you very much for your help.

 

[Darko]

Hello Peter

I have News page installed on my VPS, and i have installed let's encrypt automaticlly, but on this portal for news i dont need ssl and https, when i disable the ssl i get red https and i have some notification from the chrome i dont like that because i need to install new adserver to be configured to work on https but i dont need that on news portal. Help

It is strongly discouraged to disable SSL. Google had published information before that it will rank SSL pages higher than non-SSL pages. Its intention is to drive people to using SSL only some day.

If you still want to control the response on SSL yourself, e.g. direct to a non-SSL page, when SSL was requested, you could add these lines to the beginning of your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L]

If instead you do not want to return any output at all, but a 404 not found error:

RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L]
RewriteRule ^ - [L,R=404]

Again, this is the wrong approach. It is much better to install an SSL certificate (e.g. a free Let's Encrypt certificate), then set your pages to appropriately deliver SSL conent (e.g. by changing all the references in your website from http:// to https:// URLs).

 

[Bitpalast]

Help with what exactly?

 

[Darko]

Help with what exactly?

I have problem, when i create new Webhosting account and new domain by default that domain get https access, but that is Portal for news and i dont need https, i was trying to disable but when i disable my page will disappiar and i got default webpage with the logo of the plesk and informations how to connect on the panel. Can you help me?

 

[Bitpalast]

So you are trying to open your URL by http:// and see the default webpage instead? Or does that happen when you try to open it by https://?

 

[Darko]

So you are trying to open your URL by http:// and see the default webpage instead? Or does that happen when you try to open it by https://?

Hello Peter when i create some domain by default is creating with https and when i like to change to http and try to open the page sometimes is opening to Http with default page from Ples or is transfering to red https, i like to disable that.

 

[Bitpalast]

I think this is too "fuzzy" for me to assist you. Maybe someone else understands what exactly is configured and what the result is. From your description I cannot understand what is happening. It reads as if you have set a permanent redirect to https://, but then again you are saying that "sometimes" it is opening in http://, then again redirecting to https://. It does not make any sense to me, sorry, I cannot help with this.

 

[Darko]

Peter, maybe im confusing but i will make screan shots so you can understand what im talking.

on this picture you can see i dont have enabled a ssl for my webpage, but when i try to open my page i getting this see on the picture


now i will enable ssl and you can see the page.





and again because i didn't active the ssl for the page just for mail i i got the message Not Secure, please can you help me?

Thanks

 

[Bitpalast]

The symptom is a very unusual behavior, it is not the Plesk default behavior.
- Are you sure that after the configuration change the web server was restarted to reload the new configuration?
- Are you using the typical Nginx/Apache combination or did you apply any custom changes to Nginx or Apache, e.g. enabled or disabled some caching, entered additional rules in the webhosting configuration files?
- Did you do any changes to .htaccess or the virtual host templates for domains on your system?
- What is the content of
/var/www/vhosts/system/<your domain>/conf/httpd.conf
/var/www/vhosts/system/<your domain>/conf/nginx.conf
when the error occurs?

 

[Darko]

The symptom is a very unusual behavior, it is not the Plesk default behavior.
- Are you sure that after the configuration change the web server was restarted to reload the new configuration?
- Are you using the typical Nginx/Apache combination or did you apply any custom changes to Nginx or Apache, e.g. enabled or disabled some caching, entered additional rules in the webhosting configuration files?
- Did you do any changes to .htaccess or the virtual host templates for domains on your system?
- What is the content of
/var/www/vhosts/system/<your domain>/conf/httpd.conf
/var/www/vhosts/system/<your domain>/conf/nginx.conf
when the error occurs?

Hello Peter, this problem come out when i install Let's Encrypt plugin for free SSL because i have one e-commerce page on my server. Now when i create new domain coming with ssl, i dont know why i didn't set ssl.