currently I have a new plugin for Firefox which has version 2.0.0 and both plugin and update.rdf available via HTTPS connection, but I also have plugin with version 1.1.6 written by previous developer and update link in this plugin point resource with HTTP connection and this plugin has max version FF 3.6.* in compatibility section
I have created redirect from http://old_url/update.rdf to https://new_url/update.rdf and check what happen in Firefox console
I can't reach developer and can't login into his account at mozilla. I suppose that under his account at mozilla I can get open/private keys which I can used for creating signature.
What other ways to create correct update.rdf, so this plugin can be updated?
P.S. There is no way to issue update.rdf if previous install.rdf has updatekey and you didn't have private pair. ... but I have found the key
Signatures aren't linked to addons.mozilla.org accounts or anything like this. However, if your install.rdf file contains a public key (see https://developer.mozilla.org/en/Install_Manifests#updateKey) then you have to sign the update with a private key that matches the public key. Signing with a different private key won't work. That's the very point of signatures - only the person who owns this private key can publish updates. If the private key is lost you have to write off the users, maybe you can notify them about an update somehow but you won't be able to update them automatically.
While this won't help you with the previous version, please note that signing extensions isn't necessary if updates (both update.rdf and the actual XPI file) are served over HTTPS. Just don't include the updateKey entry in install.rdf.