.htaccess

RewriteCond %{HTTPS} !=on
    # This checks to make sure the connection is not already HTTPS
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

+ certificate - https://www.sslforfree.com/

synopsis -

blogus.club - https

subsite.blogus.club, globus-s7.club - http

RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteCond %{HTTP_HOST} ^blogus\.club$ [NC]
RewriteRule .? https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 
 
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{HTTP_HOST} ^subsite\.blogus\.club$ [NC]
RewriteRule .? http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{HTTP_HOST} ^globus-s7\.club$ [NC]
RewriteRule .? http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

2-nd option of obtaining certificate - for shared servers

1. through bash client surf to  website.domain/public_html folder:
   mkdir certbot & cd certbot
   wget http://drupal.mamatuik.com/PALS/public/CENTOS7/certbot-auto
   chmod a+x ./certbot-auto
   ./certbot-auto {in case your server-setting allows you to execute such request}
    
2. cd../
   PRIVATE//:  openssl req -new -newkey rsa:2048 -nodes -keyout WEBSITE.DOMAIN.key -out WEBSITE.DOMAIN.csr
   nano website.domain.csr
3. follow to comodo certificate page
   paste created certificate data
   choose preferred method for validation
   cd website.domain/public_html
   mkdir .well-known
   mkdir .well-known/pki-validation
   nano {MD5=value}.txt
4. ! seems, certificate should be placed to etc/ssl