http request onto https service

1 comment, last by JohnnyCode 8 years ago

I wonder, if there is a secure domain, what should a server generally do if it receives an http: request instead of an https: request against this secure domain?

The second question is: can a server on a station/IP serve http and https hosted domains simultaneously? I am thinking one way would be to run a secure server that gets certified, and run a second isolated unsecure server, and not share hosts between them; would this be the most viable thing to do?

HTTPS is served (typically) on port 443, and HTTP is served (typically) on port 80.
If you send the wrong kind of data to a particular server, it will detect a protocol violation and send an error back.
It is very common to run both HTTP and HTTPS servers on the same domain. In the best of worlds, the HTTP server simply does a permanent redirect to the HTTPS version of the same resource for GET/OPTIONS/HEAD, and returns an error for POST/PUT/DELETE. Although some servers accept the same requests on HTTPS and HTTP, for legacy or simplicity reasons.

You also seem to believe that a HTTPS server needs to be "certified" and is somehow more secure than a HTTP server.
This is not true. A HTTPS server does need a signed certificate (which is a data file) to be able to properly identify itself to clients that connect, so that the client can know that the server on the other end actually is "citibank.com" like in the URL, and not "myversionofcitibank.com."
However, there are no security or operational differences in the hardware/software actually running on the machines.
The only difference is that HTTPS makes it harder to read the data while it's on the wire (if you can read packets on the wire,) and also makes it harder to pretend to be a domain you aren't authorized for (if you can hijack DNS somehow.)
Something (bugs, bad code, etc) that's insecure on the client when using HTTP, is still insecure when using HTTPS.
Something (bugs, bad code, etc) that's insecure on the server when using HTTP, is still insecure when using HTTPS.

Btw: You can now get free HTTPS certificates for your domain by jumping through a very small amount of hoops.
Check out letsencrypt.org!
(Some hosting providers even have a checkbox to do this for you; such as DreamHost)
enum Bool { True, False, FileNotFound };
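
The redirect-or-reject behaviour described in the reply above, as an added example that is not part of the original thread. The hostnames, the listening port 8080, and the choice of 403 for unsafe methods and 400 for an unknown Host header are assumptions made for illustration.

```python
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumption: the hostnames this listener serves (constructed sample values).
ALLOWED_HOSTS = {"example.com", "www.example.com"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def plain_http_response(method, host_header, target):
    """Return (status, headers) for a request that arrived over plain HTTP."""
    host = (host_header or "").split(":", 1)[0].strip().lower()
    if host not in ALLOWED_HOSTS:
        # Never build a Location header from an unrecognised Host value.
        return 400, {}
    if method not in SAFE_METHODS:
        # The request body has already crossed the wire in clear text;
        # refuse rather than redirect so the misconfigured client is noticed.
        return 403, {}
    if not target.startswith("/") or any(ord(c) <= 32 for c in target):
        # Covers "OPTIONS *", absolute-form targets and stray control bytes.
        target = "/"
    return 301, {"Location": f"https://{host}{target}"}


class PlainHTTPHandler(BaseHTTPRequestHandler):
    def _respond(self):
        status, headers = plain_http_response(
            self.command, self.headers.get("Host"), self.path)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()

    # Every method goes through the same decision function.
    do_GET = do_HEAD = do_OPTIONS = do_POST = do_PUT = do_DELETE = _respond


if __name__ == "__main__":
    # Port 8080 avoids needing root; a real deployment listens on 80.
    ThreadingHTTPServer(("0.0.0.0", 8080), PlainHTTPHandler).serve_forever()
```
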

Thanks!


It is very common to run both HTTP and HTTPS servers on the same domain. In the best of worlds, the HTTP server simply does a permanent redirect to the HTTPS version of the same resource for GET/OPTIONS/HEAD, and returns an error for POST/PUT/DELETE. Although some servers accept the same requests on HTTPS and HTTP, for legacy or simplicity reasons.

I am thinking I will give the host an option to request secured communication with the client on file resources. If not, active documents can still, on behalf of the host, respond with status 301 Moved with an https:// modification of the URL. So the server is serving the hosts on both ports/protocols.
