Cert for domain broke subdomain


I have a CentOS 7/nginx server that contains many virtual hosts and have created a few certs (successfully!). I wanted to roll this out slowly so I can test a site at a time so I got and installed a cert for example.com.

I then tried to go to subdomain.example.com, which I have not touched at all, but the browser switches it to https and gives me an “insecure connection”.

I can’t figure out what is causing it to switch. In my config for the domain, I am using:

server {
    listen 80;
    server_name example.com www.example.com;
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }
}
And for my subdomain:

server {
    listen 80;
    server_name subdomain.example.com;
    # etc
}

I can comment out the redirect code but it still redirects.

Thanks for any insights.


By any chance did you enable HSTS with includeSubDomains on the example.com domain? Either elsewhere in the configuration, or by sending a Strict-Transport-Security header from some software you’re running on that domain?


I did have
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

in my conf. I commented that line out everywhere and reloaded nginx. It still does the redirect, though.

I wondered if the browser was remembering, so I went to a new personality in Chrome and my page came back! So that was the problem. Thanks!

But now my problem is that I can’t view my site on Firefox. Is there a way to tell Firefox to stop redirecting to https for that site?


If you add the header back in but set the max-age to 0, then Firefox should pick that up on its next HTTPS request and will then subsequently be able to access the subdomain via HTTP.