Hey friend,

That can be a tough question, as the steps are very relative. I’m going to make up a scenario and tell you how to remove SSL under that scenario, because the high level here is entirely too vague.

Here’s my scenario: Apache, Ubuntu, Wordpress, LetsEncrypt. Wordpress is not using a plugin to force SSL and is using the site URL configuration for https. The Apache SSL config is /etc/apache2/sites-enabled/site1-ssl.conf.

Step 1: Change site URL in Wordpress. Log in to /wp-admin, go to settings, change URL to remove https. This prevents requests to the site from redirecting to https.

Step 2: Remove virtual host with command: a2dissite site1-ssl

Step 3: Restart Apache with: systemctl restart apache2

Now here’s the problem. Most web browsers these days continually default to https on a site that has been previously visited that supports SSL. In fact, sometimes browsers will specifically take your “http://myurl.com” and turn it into “https://myurl.com” whether you want it to or not, simply because the last time you visited successfully it was under the https URL. Insert frustrated visitors and hard times, as well as a loss of SEO due to Google now favoring sites with SSL. Adding insult to injury, everyone is continually working against your site and browsers may eventually display “unsafe” warnings to your visitors because they want you to use SSL.

My advice is that you renew the SSL certificates. LetsEncrypt could be as easy as running the command “le-renew” but it’s really relative to how they set it up. If they used Apache, certbot is easy: https://certbot.eff.org/

If they used Nginx it could be just as easy, but again depends on how they did it. Is it possible for you to find out from them how they intended to manage that? It might save you some time.

Jarland