I am running certbot on Debian 8 with nginx installed.
I enabled TLS for
And it worked well.
But as soon as I did that, the browser somehow remembered it, and now it will only access my domain with
https even when I try to access some subdomain like
Which is not TLS enabled and thus throw a
Can I keep
http only on my sub domains while still having https enabled on my main domain ?
I think I may have found the reason, which could be this settings I have :
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
Could you comfirm that would be the reason ? Also can I safely remove it and will my changes apply due to
max-age statement ?