Cert for new server under subdomain with preloaded HSTS

Hi all,

I just started second server uder subdomain that uses preloaded HSTS. Certbot can’t issue certificate, probably due to HSTS enabled (long term).

certbot certonly --webroot -w [path to my vhost root] -d [ subdomain.for my domain ]

I suspect that during verification, process pure HTTP connetcion is impossible (because of preloaded hsts it’s redirected automatically to HTTPS), and HTTPS connection is impossible due to not trusted cert under HSTS domain. Any idea how to solve this issue?



Let’s Encrypt’s systems pay no heed to HSTS. So that won’t be the cause of any trouble. Likewise it doesn’t check certificates for HTTPS because it’s their job to validate your control and just relying on another certificate short circuits that validation. Probably best to report what errors you get?

1 Like

This was my fault… web server misconfiguration. Sorry for trouble.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.