This is just one of those things that’s just so annoying to deal with as a developer. For whatever reason, you have traffic coming to an HTTPS link on your website, even though you don’t have an SSL. “Not a problem,” you say to yourself. “I’ll just redirect it to HTTP!” If only it were that easy. You’ll find if you try this that visitors who go to the HTTPS page get a big fat “Your connection is not private” warning. What’s going on? Why didn’t the redirect work?
Unfortunately, what’s happening is that the SSL transaction actually occurs before the redirect ever happens. I’m sure there are security reasons for this, as redirecting users that thought they were on a secure site without their knowledge could certainly be a problem. So what does this mean?
Q: How can I prevent the SSL error when redirecting to a non-SSL page?
A: You Can’t.
Sadly, there’s no way around this. It’s just one of those things I guess, like death and taxes. Your remaining options are to figure out a way to make sure nobody ends up on your HTTPS site by removing the erroneous links or whatever else you can do, or by just getting an actually SSL certificate and setting it up. That’s about it! Or if you really wanted to work hard, you could actually change the entire URL of your site and redirect the old one to it, ensuring that that the HTTPS version redirects to the new HTTP version. OH WAIT, you actually can’t because that involves a redirect and wouldn’t solve your problem. So, just focus on the first two.
This issue can also come up when an SSL certificate only covers, for example, the www version of your site but not the regular one. You might try to redirect users from the non-www site, but if they’re accessing it over SSL, they are still going to get that error before the redirect happens. If your site is important (and I’m sure it is since you’re bothering with SSL), and if many people are ending up in the wrong spot, you are going to want to invest in a second SSL to cover it. Nowadays I believe most SSLs you purchase are going to cover both www and non-www, but if not, you’re stuck!