All domains over http except for one

I have a new issue now in that I have 86 domains and they all run on http only. I have a new domain that runs on https.
All of these domains start with a sub domain eg,,, etc
If a user types it forces over https which is correct and does work over http, but if a user types over https I get an invalid certificate error. I do get this because does not have a certificate, but it seems as though it wants to apply 's certificate to all the other domains. I tried the following code in my https section, but does not seem to work:

acl homedot hdr_beg(host) -i home.
acl mainhome hdr(host) -i
redirect scheme http if homedot { ssl_fc } !mainhome

Any help would be appreciated.

With http/https SSL negotiation happens before http headers are transmitted. Going to one of the “other” domains (,, …) with https will start the SSL negotiation and fail because you do not have a valid certificate for them. HTTP redirects happen after SSL negotiation is complete. Here are a couple of options.

  1. You could use two different frontends. One for SSL enabled domains and one for domains which do not have SSL. This would require that you have multiple IP addresses. This way you can use SNI to load multiple certificates so that the SSL negotiation happens correctly.

  2. If you happen to be hosted in Amazon AWS, they will generate free certificates as long as you terminate SSL at their load balancer. The load balancer costs a flat rate of $18 per month plus traffic/usage. We use this option and have several hundred domains with dozens of wildcard ssl certificates. We terminate SSL at AWS ec2 ELBs and then send traffic to a set of haproxy load balancers. The SSL certs are “trusted” by basically everything (including java). We have millions of end users using our product with no issues.

Hi dtorgo, that make sense, thanx for that. No we do not use AWS. I addd a second IP and set up HAP to listen on port 443 on the new IP but with no cert. Then I just added the acl after that.

Awesome, thank you.