First of all, I have an Ubuntu Server 14.04 with LetsEncrypt running. The first time I installed the certificates I chose the option Secure to put all the traffic onto https://.
But now for some reason we have to test something without https, so the first thing I did was remove the HTTPS lines in the .conf file from Apache2. But this didn’t work.
After that I tried to reconfigure in Easy mode for HTTP and HTTPS. But that doesn’t seem to be the answer either. I also tried to delete all the config files and even deleted the Letsencrypt folder. I created new .conf files but the problem is still there.
Also, it’s a Drupal website. Is there maybe something in Drupal that forces the 443 port?
Seems like you added the HSTS header to your apache conf. This directive tells the browser visiting your site that for the max age configured in the directive, the browser should access your site always using https. So the “problem” is in your browser right now.
In your apache conf you should have/had something like this:
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Well, you have removed all your conf, even letsencrypt certs (I hope you have backups), so at this point you have three options:
1.- Remove your browser’s cache and try again to access your http site.
2.- Use a new and fresh browser so this browser doesn’t know yet about your hsts header and you could visit your site using http.
3.- Recover all the apache and letsencrypt files that you removed, edit apache conf and change the header directive using max-age=0, something like this: Header always set Strict-Transport-Security "max-age=0; includeSubdomains; preload"
Reload or restart apache and visit your site again; once visited, the browser will ignore the hsts header and you could access your site using only http.
Note: I don’t use Drupal so this issue could also be related to some redirect/rewrite performed in your drupal conf… that’s something that you should know.
I already reinstalled and configured LetsEncrypt again, because I can’t access the website otherwise. But the command you gave me doesn’t give me any reply.
If you get no response then you have no files in your conf using the Strict-Transport-Security header and you should recreate them to change the max-age (that’s the reason you should back up before removing any file).
Anyway, did you try to clean your browser’s cache and/or use a new and fresh browser just to be sure that the problem is actually the HSTS header?
Well, I don’t know what your conf is, but you should have a file similar to yourdomain.tld.conf in the /etc/apache2/sites-enabled/ dir and you should add the part for https, something like this:
<VirtualHost *:443>
    DocumentRoot /path/to/your/site/documentroot
    ServerName yourdomain.tld
    ServerAlias www.yourdomain.tld
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/yourdomain.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.tld/privkey.pem
    Header always set Strict-Transport-Security "max-age=0"
</VirtualHost>
Keep in mind that you should have the certs available in /etc/letsencrypt/live/yourdomain.tld/ or apache will refuse to start.
That’s because you have not enabled the headers module:
a2enmod headers
After that you should restart apache.
But if you are receiving this error and you didn’t touch your apache conf (apart from removing your virtualhost config file) then it is not possible that your problem could be the hsts header or it would have failed before…
Please, try to access your site with a fresh browser or tell me what your domain is so I can check whether it is being redirected to the https site.
Ok, I checked your site and it is working fine in https mode (but I can’t see the header with max-age=0). You have a misconfiguration regarding your virtualhost listening on port 80. You are activating ssl on port 80 and you shouldn’t.
Post your virtualhost conf file and I’ll check it.
Edit: I mean that I can’t see the header with max-age=0
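The two configuration problems raised in this thread (an HSTS header with a long max-age, and SSLEngine on inside the port-80 virtual host) can be checked for mechanically. The following is an added example, not part of any post in the thread: a small Python audit in which the function name audit_vhosts and the sample config are constructed for illustration.

```python
import re

# Constructed sample config (not the poster's real file): a port-80 vhost that
# wrongly enables SSL, and a port-443 vhost sending a long-lived HSTS policy.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName yourdomain.tld
    SSLEngine on
</VirtualHost>
<VirtualHost *:443>
    ServerName yourdomain.tld
    SSLEngine on
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
</VirtualHost>
"""

VHOST_OPEN = re.compile(r'<VirtualHost\s+[^>]*?:(\d+)\s*>', re.I)
HSTS = re.compile(r'Header\s+.*Strict-Transport-Security\s+"([^"]*)"', re.I)
MAX_AGE = re.compile(r'max-age\s*=\s*"?(\d+)', re.I)

def audit_vhosts(conf_text):
    """Return (port, finding) tuples for directives inside <VirtualHost> blocks."""
    findings, port = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        m = VHOST_OPEN.match(line)
        if m:
            port = int(m.group(1))      # remember which vhost we are inside
            continue
        if line.lower().startswith("</virtualhost"):
            port = None
            continue
        if port is None or line.startswith("#"):
            continue                    # outside any vhost, or a comment line
        if port == 80 and re.match(r'SSLEngine\s+on\b', line, re.I):
            findings.append((port, "SSLEngine on in a plain-HTTP vhost"))
        h = HSTS.search(line)
        if h:
            age = MAX_AGE.search(h.group(1))
            if age is None:
                findings.append((port, "HSTS header without max-age"))
            elif int(age.group(1)) > 0:
                findings.append((port, f"HSTS pins HTTPS for {age.group(1)}s"))
            else:
                findings.append((port, "HSTS max-age=0 clears the browser policy"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_vhosts(SAMPLE_CONF):
        print(f"port {port}: {finding}")
```

To audit a real server, pass the text of each file under /etc/apache2/sites-enabled/ to audit_vhosts instead of the sample.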