I also had 401 in there instead of 404.
The corrected code made no difference.
This is what my webhost wrote a few days ago.
I have looked into this issue and found that the ssl cert that the sites are loading is the one that belongs to the server that your account is hosted on. I consulted with an escalation tech and was told that unfortunately there is not a way to turn off that notification for your account.
a day later
If you had a dedicated IP, then we may be able to close port 443. But that wouldn’t redirect anyone, they just wouldn’t connect.
The bottom line is that on shared servers, http users carry a burden for https users. The burden appears to be an “error” designed to create business.
this code
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^robots\.txt$ robots_ssl\.txt [L]
appears to be the only code that can do what it was written to do.
That seems to be a lot of nonsense from you host - care to name them?
IF they have enabled mod_rewrite AND allowed you to change .htaccess (or whatever they may have renamed it as), then
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule .? http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
is all you need to redirect from their secure server and tell SE’s to update because that redirection is permanent.
If that does not work, I’d strongly recommend finding a good host (I always add the recommendation for my host, WebHostingBuzz.com or .uk, but any good host would do the trick for you).
I didn’t see that code in your tutorial article. I couldn’t get it to work. I used it for both htaccess files. I have RewriteEngine on as the first line in each of the htaccess files. I named the webhost on this page. I’ll look into the webhost you suggest.
I put in canonicals for the 14 pages. Hopefully google will see that the https pages are exactly the same in content and extremely similar in address to the http versions, and so dump the https pages.
Nothing I can imagine. To me, it’s insane (and an excellent reason to leave Bluehost - RUNNING!).
Okay, that said, I offer to share my secure server with my clients but that means that they must link to https://{my_domain}/{client_domain}/{secure_page} which is NOT what you’ve encountered.
In fact, what Bluehost seems to be doing is diluting the value of a secure server by forcing everyone to use it! If that isn’t insane, they should explain it to their clients (which I will never be with a stunt like this).
If there is a Bluehost rep crawling this board, would you care to explain the “logic” of this to us here?
This is their reply they sent to me saying their reply is a reply they found on google groups:
Google is simply providing information about the server response for https access to your url. If it responds but the SSL cert does not match the domain, the warning tells you that.
All this means is that the server has port 443 enabled so that https can be accessed on it. There is an SSL cert on the server but it is not for your specific site, hence the warnings you’d get when trying to access your domain’s url using https.
Hosters typically install a self-signed SSL cert applicable to the server but not to any specific website on the server in order to facilitate certain backend functions that may require https (Cpanel, WHM, webmail, etc).
If your site does resolve via https (warning aside), then you can 301 redirect https to http on your site unless you prefer to get your own SSL cert so as to get rid of the browser warning.
If your https url does not resolve to your actual site (after accepting the warning), then you cannot do anything about it except ask the hoster if they can close port 443."
No, it does NOT sound correct. Certs are assigned to domains and, if your domain does not have a cert, it should not be able to provide any response via port 443.
I share my cert with my clients but, to gain access via HTTPS, I must request MY domain with their subdirectory and file. That is certainly not what has been described to you. My clients cannot use HTTPS to gain access to their domain (directly).
Again, though, if there is a Bluehost rep running around this board, please step up and tell me (and Chris77) where I’m going wrong.
They said that 443 is open for all domains on shared servers. Like when you buy most things, you can see it but you can’t have it until you buy it. They said the problem is actually google who has just recently started checking whether the 443 port is open for sites. The battle that started between the online software industry and the government (over snooping) has google looking to see what sites have an open 443 port, and I guess, if it’s open it assumes it’s an https site.