I don't want all my domains to be forced to https://


#1

I ran this command the following command and was able to successfully get a SSL certificate to work on my domain: ./letsencrypt-auto --apache -d example.com -d www.example.com

My understanding is that, in the above case, example.com is my base domain. An issue that’s arisen from that, however, is that other domains on my server are now being forced to https:// versions—and I don’t want some of my domains to have an SSL certificate. Resultantly, those other domains are throwing errors. Is there a way so that I can disable my setup from making all my domains https? And when I do want to add a domain to get a certificate and go through Letsencrypt, do I just basically run ./letsencrypt-auto --apache -d mydomain.com?

I’m .htaccess routing my www.mydomain.com to go to mydomain.com, so I’m figuring I won’t need to include the non-www version of my domain when I run the command. Is that the case?

Thanks!
My web server is (include version): Apache, Ubuntu 16.04


#2

Sounds like you have HSTS enabled. To disable it you’ll need to find where the Strict-Transport-Security header is set and change the max-age to 0, then visit the site.

When adding new domains you need a -d flag for every name the cert will be used with including any redirects, so with and without www. if these both exist. If you’re adding names to an existing cert use the --expand flag to replace the existing cert instead of keeping both.


#3

@cool110 I just checked and HSTS is not enabled, but it keeps trying to redirect, throwing an error that reads this on browsers like Chrome: NET::ERR_CERT_COMMON_NAME_INVALID

Any other possibility of why it’s redirecting to https://? My domain’s config file in my sites-available directory is also set to just the http://. It’s set like this:

RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com [OR]
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ http://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.