I am running certbot on Debian 8 with nginx installed.
I enabled TLS for mydomain.com.
And it worked well.
But as soon as I did that, the browser somehow remembered it, and now it will only access my domain with https, even when I try to access some subdomain like sub.mydomain.com.
Which is not TLS enabled and thus throws an ERR_CERT_COMMON_NAME_INVALID error.
Can I keep http only on my subdomains while still having https enabled on my main domain?
EDIT
I think I may have found the reason, which could be this setting I have: add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
Could you confirm that would be the reason? Also, can I safely remove it and will my changes apply due to the max-age statement?
Issue a certificate for sub.mydomain.com as well as mydomain.com.
Configure the nginx server block for sub.mydomain.com to redirect HTTPS requests to HTTP.
So essentially, to have no SSL successfully, you need SSL.
It’s also possible that you accidentally included HSTS headers with includeSubdomains, which is why your browser is trying to use HTTPS. In that case, remove includeSubdomains and clear your browser’s HSTS cache.
You’ll also need to flush your browser’s HSTS cache. If any of your visitors already saw the HSTS header, then there’s nothing you can really do other than take my advice regarding having a certificate for the subdomain as well.
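
The behaviour discussed in this thread, as an added example that is not part of the original posts: a toy model of how a browser stores the Strict-Transport-Security header and decides whether to upgrade a request, following RFC 6797. The class and method names are hypothetical, and only max-age and includeSubDomains are modelled.

```python
import time

class HstsCache:
    """Toy model of a browser's HSTS store (RFC 6797); names are hypothetical."""

    def __init__(self):
        self._hosts = {}  # host -> (expiry time, includeSubDomains flag)

    def observe(self, host, header, over_https, now=None):
        """Process a Strict-Transport-Security header received from host."""
        if not over_https:  # the header is ignored on plain-HTTP responses
            return
        now = time.time() if now is None else now
        max_age, include_sub = None, False
        for directive in header.split(";"):
            name, _, value = directive.strip().partition("=")
            value = value.strip().strip('"')
            if name.strip().lower() == "max-age" and value.isdigit():
                max_age = int(value)
            elif name.strip().lower() == "includesubdomains":
                include_sub = True
        if max_age is None:  # max-age is mandatory; otherwise no policy
            return
        if max_age == 0:  # max-age=0 tells the browser to forget the host
            self._hosts.pop(host.lower(), None)
        else:  # a newer header replaces the stored policy
            self._hosts[host.lower()] = (now + max_age, include_sub)

    def forces_https(self, host, now=None):
        """True if a request to host would be upgraded to HTTPS."""
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            # Exact match always applies; a parent only with includeSubDomains.
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

if __name__ == "__main__":
    cache = HstsCache()  # constructed scenario using the header from the question
    cache.observe("mydomain.com", "max-age=63072000; includeSubdomains", True, now=0)
    print(cache.forces_https("sub.mydomain.com", now=86400))  # policy cached
    cache.observe("mydomain.com", "max-age=63072000", True, now=86400)
    print(cache.forces_https("sub.mydomain.com", now=86401))
```

Removing the header from the nginx configuration sends the browser nothing new, so a stored entry stays in place until it expires, is cleared in the browser, or is replaced by a later header received over HTTPS.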