Changing servers, and removing cert


#1

Hi guys, total noobie here :slight_smile:

I have a domain name dontbekak.co.za, and used it to test letsencrypt on a webserver I set up.

I am done testing and changed the IP where the A record is pointing to back to my old server.
How do I remove the SSL from that domain name, as currently chrome is blocking me from accessing it because of the fact that it was encrypted with an ssl cert?
Thanks so much in advance!!


#2

Are you sure you didn’t somehow enable HSTS (sending a Strict-Transport-Security header)? Chrome has the behavior you describe in response to HSTS, but not with HTTPS sites in general.


#3

Don’t think so, I installed it as per the following article:

Here is my params.conf file used to secure nginx, as you can see any HSTS lines are commented out:

from https://cipherli.st/

and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers “EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH”;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

Disable preloading HSTS for now. You can use the commented out header line that includes

the “preload” directive if you understand the implications.

#add_header Strict-Transport-Security “max-age=63072000; includeSubdomains; preload”;
add_header Strict-Transport-Security “max-age=63072000; includeSubdomains”;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

ssl_dhparam /etc/ssl/certs/dhparam.pem;

Thanks for replying :slight_smile:


#4

Perhaps Chrome just has the URL cached and goes to it if you specify it without a protocol scheme? What happens if you explicitly ask for http://dontbekak.co.za/?


#5

Defers to https, Believe you are right, seems to be my browser :slight_smile: Thanks! xD

Found this on removing HSTS crud from your browser:

http://classically.me/blogs/how-clear-hsts-settings-major-browsers
Looks like that was it :slight_smile:


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.