My SSL certificate expired recently and I have been trying to disable SSL temporarily until I can get it renewed however something keeps redirecting the subdomain www. to HTTPS://
It's not the .htaccess file and httpd.conf is set up with a VirtualHost for unsecured connections:
<VirtualHost *:80>
ServerAdmin example@example.com
DocumentRoot /var/www/example.com/public_html
ServerName www.example.com
ServerAlias example.com
ErrorLog /var/www/example.com/error.log
CustomLog /var/www/example.com/access.log common
<Directory "/var/www/example.com">
AllowOverride All
</Directory>
</VirtualHost>
example.com works fine, but if I visit www.example.com it's redirected to HTTPS://
What else could it be?
Best Answer
If your website used HTTP
Strict-Transport-Security(RFC6797) in the past, it explains that regardless of the current config of the webserver, any client, which previously connected to the website, continues to try to connect to your website using HTTPS.You can check if that's the case using your browser's inspector (in Firefox, CTRL+Shift+I, then Network, F5, click on the request and then on tab security). Unfortunatly, there is not much you can do, as
Strict-Transport-Securitywill prevent any attempt to visit your website without TLS for a long time (usually a few months).Therefore I would advise to replace the certificate as soon as possible, as this mitigation cannot be effective for any previous visitor of the website.