I have a problem with HSTS on my Apache2 server:
I run a Nextcloud server at home on Debian 10 which is accessible from the internet via DynDNS. A redirect to HTTPS and the associated certificates to the domain are set up via Letsencrypt.
From the Internet everything works
From the LAN / WLAN everything works too
You cannot visit www.sascha-kissner.de right now because the website uses HSTS
My Apache ssl.conf states:
<IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" Header always set X-Frame-Options "sameorigin"
Does anyone have an idea what is wrong here or where I can still look? I would like to continue using the "Private DNS" under Android.
Thanks for your tips.