0

I have a site that does not need https. We do not collect any information at all, nor do we have any forms. This being so, we did not set up an SSL certificate.

However, when I go to https://example.com it goes to another site on my server that DOES have an SSL certificate.

We're running a LAMP stack, CentOS6/Apache 2.2. Is there a way to redirect all https requests to my site back to http?

3 Answers

1

Of course not. If there was, that would be a horrible security flaw. Imagine if you had some super-secure site and someone, without needing to have an SSL certificate for your domain, could make people trying to reach it go to an unsecure site. That would defeat the whole point of secure links.

Without an SSL certificate issued to the name the link goes to, you cannot convince anyone that they should go to the insecure site. In fact, this is exactly what an attacker trying to compromise a secure site would try to do and precisely what SSL and HTTPS prevent.

1

I'm fairly certain that you have enabled the other site's SSL cert and https on "all sites" rather than just the site for which it was intended. Go back into your Apache configuration for https and limit it to https://yoursecuresite.com rather than all of them.

0

Well, it is not completely impossible, but you won't be able to override the security warning that your browser will trigger because the HTTPS website name doesn't match the one you're trying to reach (https://example.com and https://securesite.com).

One way to solve this is to allocate your secure website a dedicated IP address different from the default address of your server. example.com -> 1.1.1.1 ; securesite.com -> 1.1.1.2

This way there is no possibility that https://example.com and https://securesite.com would create a conflict.

And if you really want users to use https://example.com, then you're stuck with using an SSL certificate.
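
The approach in the last two answers (limit the SSL virtual host to the secure site, on its own IP address), written out as an Apache 2.2 configuration. This is an added example, not part of any answer above; the IP addresses are the ones used in the answer, and the document roots and certificate paths are placeholders.

```apache
# Before: port 443 is open on every address and the only SSL vhost is a
# wildcard, so https://example.com is served by securesite.com's vhost
# and certificate, and the browser shows a name-mismatch warning.
#
#   Listen 443
#   <VirtualHost *:443>
#       ServerName securesite.com
#       SSLEngine on
#       ...
#   </VirtualHost>

# After: plain HTTP stays name-based on all addresses ...
Listen 80
NameVirtualHost *:80

# ... but port 443 is opened only on the secure site's dedicated address.
# DNS assumption: example.com -> 1.1.1.1, securesite.com -> 1.1.1.2
Listen 1.1.1.2:443

<VirtualHost *:80>
    ServerName example.com
    # placeholder path
    DocumentRoot /var/www/example
</VirtualHost>

<VirtualHost *:80>
    ServerName securesite.com
    # placeholder path
    DocumentRoot /var/www/securesite
</VirtualHost>

<VirtualHost 1.1.1.2:443>
    ServerName securesite.com
    # placeholder paths
    DocumentRoot /var/www/securesite
    SSLEngine on
    SSLCertificateFile    /path/to/securesite.crt
    SSLCertificateKeyFile /path/to/securesite.key
</VirtualHost>
```

With this layout nothing listens on 1.1.1.1:443, so https://example.com fails to connect instead of showing the other site; `httpd -S` prints the resulting address-to-vhost mapping for checking.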