Fundamentally, that’s a problem. When communicating over HTTPS, the TLS communication layer is set up before anything is exchanged, i.e. the warning about the certificate happens before any information about the website is transferred. So a Certificate is needed to allow a browser to connect when https is defined, self signed or not.
Ideally, and for ‘best practice’ we should really be encouraging people to use HTTPS as default (I realise this is an expense and can be annoying with certificates, and whilst there shouldn’t be anything wrong with self signed certificates, there often are problems and browser messages etc).
Even if you have an application server which ‘can only do http’, best practice is generally to front that application server with a Web Server (such as nginx or lighthttpd or some form of load balancer) which also will provide your https termination. – which is what you seem to have done with your httprewrite which forwards the request to your site.
You might find some cheap SSL-certificate providers which are installed in most browsers though?