Cert for domain broke subdomain


#1

I have a CentOS 7/nginx server that contains many virtual hosts and have created a few certs (successfully!). I wanted to roll this out slowly so I can test a site at a time so I got and installed a cert for example.com.

I then tried to go to subdomain.example.com, which I have not touched at all, but the browser switches it to https and gives me an “insecure connection”.

I can’t figure out what is causing it to switch. In my config for the domain, I am using:

server {
    listen 80;
    server_name example.com www.example.com;
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }
}

And for my subdomain:

server {
    listen 80;
    server_name subdomain.example.com;
    # etc
}

I can comment out the redirect code but it still redirects.

Thanks for any insights.


#2

By any chance did you enable HSTS with includeSubDomains on the example.com domain? Either elsewhere in the configuration, or by sending a Strict-Transport-Security header from some software you’re running on that domain?


#3

I did have
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

in my conf. I commented that line out everywhere and reloaded nginx. It still does the redirect, though.

I wondered if the browser was remembering, so I went to a new personality in Chrome and my page came back! So that was the problem. Thanks!

But now my problem is that I can’t view my site on Firefox. Is there a way to tell Firefox to stop redirecting to https for that site?


#4

If you add the header back in but set the max-age to 0, then Firefox should pick that up on its next HTTPS request and will then subsequently be able to access the subdomain via HTTP.
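
The behaviour discussed in this thread, as an added example that is not part of any post above: a small Python model of how a browser caches HSTS policy under RFC 6797, replaying the thread's steps against the header value from post #3. The class and function names are hypothetical, and the model is a simplification that ignores preload lists and certificate-error handling.

```python
import time

class HSTSStore:
    """Toy model of a browser's known-HSTS-host list (RFC 6797)."""

    def __init__(self, clock=time.time):
        self._hosts = {}  # host -> (expiry timestamp, includeSubDomains flag)
        self._clock = clock

    def note_header(self, host, header, scheme="https"):
        if scheme != "https":
            return  # STS headers on plain-HTTP responses are ignored
        max_age, include_sub = None, False
        for part in header.split(";"):
            name, _, value = part.strip().partition("=")
            name = name.lower()  # directive names are case-insensitive
            if name == "max-age":
                max_age = int(value.strip().strip('"'))
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:
            return  # max-age is mandatory; without it the header is invalid
        if max_age == 0:
            self._hosts.pop(host.lower(), None)  # forget this host's policy
        else:
            self._hosts[host.lower()] = (self._clock() + max_age, include_sub)

    def must_upgrade(self, host):
        """True if a request to http://host would be rewritten to https."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            # Exact match always applies; a parent only if it set the flag.
            if entry and entry[0] > self._clock() and (i == 0 or entry[1]):
                return True
        return False

def replay_thread():
    """Replay the thread's steps; returns must_upgrade() after each one."""
    store, sub, seen = HSTSStore(), "subdomain.example.com", []
    seen.append(store.must_upgrade(sub))  # fresh profile
    store.note_header("example.com", "max-age=31536000; includeSubdomains")
    seen.append(store.must_upgrade(sub))  # policy cached from the parent
    # Deleting add_header sends no header at all, so nothing changes here.
    store.note_header("example.com", "max-age=0", scheme="http")  # ignored
    seen.append(store.must_upgrade(sub))
    store.note_header("example.com", "max-age=0")  # over HTTPS: entry removed
    seen.append(store.must_upgrade(sub))
    return seen
```

In this model the cached entry belongs to example.com, so only a max-age=0 header received from example.com over HTTPS clears it; the same header sent by the subdomain leaves the parent's policy in place.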