Migrating From HTTPS To HTTP

HTTPS to HTTP

Why Migrate From HTTPS To HTTP

While moving from HTTP to HTTPS is a growing trend, there may be a time when you want to convert HTTPS to HTTP. For us, the main driver was page load time. After we migrated to HTTPS, the average page load time went up substantially, thus negatively impacting user experience. We tried several methods to improve page load time, but found little success. As a result, we decided reverting to HTTP was the best way to proceed.

Do I Still Need an SSL Certificate After Migrating From HTTPS To HTTP?

It is important to note that even after you migrate from HTTPS to HTTP, you’ll still need a valid SSL certificate. This is because since the initial request will come via HTTPS, you’ll still need to have a valid certificate. Otherwise, your visitors will see a “your connection is not secure” type of error, which is enough to turn most of them away before they even see anything on your site.

How To Migrate From HTTPS To HTTP

The amount of work required to convert HTTPS to HTTP is actually fairly small. The steps are below. In this post, the commands we use are for Apache 2.4.18 / Ubuntu. If you use a different web server / OS combination, please make sure you use the appropriate command.

1. Set up a redirect to point your HTTPS pages to HTTP pages. To do this, modify the Apache2 config file for your domain under /etc/apache2/sites-available/. Add the following line under <Virtualhost *.443>:

Redirect Permanent / http://your-site-name.com

Remember to replace your-site-name.com with your own domain name.

2. Remove the HTTP to HTTPS redirect you may have set up when you went to HTTPS. This will not apply if you set up your site initially with HTTPS. In our existing configuration, that means we needed to remove the redirect under <Virtualhost *:80>. This will look something like the following:

Redirect Permanent / https://your-site-name.com

You should remove that line.

3. In Apache, change the Virtualhost directive for your HTTPS port. To do this, change

<Virtualhost *:443>

into

<Virtualhost your-site-name.com:443>

If you don’t do this step, your visitors will see an infinite redirect loop and your page never loads.

4. Restart the web server. In our configuration, this is done by the following command:

service apache2 restart

Depending on your OS and Web Server, the command to restart the web server may be different.

Once you have completed the above steps, you have successfully migrated from HTTPS to HTTP. The caveat is that the client browser must not already have a cached version of you page. If your page is already cached, your visitors will see an infinite redirect loop. There are two ways to resolve this:

a. The visitor has to manually clear the browser cache. In fact, before you can test your own changes, You’ll need to manually clear the browser cache. If you do not, you’ll see an infinite redirect loop even if your setting changes were correct.

b. Use a different URL for your pages. This approach will ensure that the HTTP version loads. This approach has two disadvantages: First, the amount of effort to set up the appropriate redirects may be large. Second, changing URL’s may impact your site’s SEO traffic negatively. I do not recommend this approach if you have a large number of pages or already have a significant amount of traffic from search engines.

I looked into ways to force browsers to clear cache from the server side, but found that this is not possible, even when I modified the Header information. This means that, after you complete your HTTPS to HTTP migration, there will be a subset of your visitors who will have difficulties accessing your site, and that number can be substantial if you have a high percentage of return visitors. You’ll then need to weigh the relative impact of losing repeat traffic and the benefit of changing to HTTP before proceeding.

5. Update all your internal and external links. Technically the migration of your site from HTTPS to HTTP is complete if you executed steps 1-4 above, as all HTTPS calls will be redirected to their HTTP counterpart. However, you should still convert all the internal links that are HTTPS (don’t forget to update your non-relative links and your canonical URL) and all external links that are HTTPS (for example, update all your social profile links). That way, you preserve your web server resources by saving an unnecessary call.