Redirect TCP connections from port 443 to 80

Hello, I don't really get the statement about purchasing certs, if your HTTPS certificates expire client will have warning popups, regardless if this certificate is presented to the client by F5 via an sslprofile or by your server in a SSL pass-through scenario. What I usually see in these cases is using wildcard certificates for top level domain, that can be a match for multiple SNI's. 

This being said, if you need to modify traffic HTTPS or perform actions based on informations that are encrypted, you need SSL offloading since your iRule will likely require HTTP profile to retrieve such information and that won't work if traffic is encrypted. Without profiles, you're limited to L4 functionality so you could load balance request to port 80 on the backend, however this will still give SSL issues if F5 doesn't offload SSL connection on itself using a certificate.  

Instructions like an HTTP::redirect cannot be issued in a CLIENT_ACCEPTED event, once again because you will need HTTP profile to correctly parse traffic and identify informations. You can check valid events for HTTP::redirect instruction here. 

Another thing that I don't get is why you should configure a 443 Virtual Server if you plan to only use HTTP over port 80: if you already decided HTTPS protocol will be no more on the websites, just close port 443 completely.