yes and no.
If he wants to run his entire site in SSL because he believes he needs that much security, he's welcome to do so.
If that wasn't intentional, then I suspect his hosting company or whoever set up SSL for him doesn't know how to do it correctly and simply forced everything to be SSL using url-rewrites, and the better solution would have been to remove that rewrite and then simply be sure to use www. for both the http and https settings in configure.php
Bookmarks