Let's Encrypt setup on main domain and some subdomains, but not all subdomains

My domain is: rebelpixel.com
My operating system is (include version): Ubuntu 16.04
My web server is (include version): Nginx 1.10
My hosting provider, if applicable, is: VPS on Linode

I actually managed to install my certificate, but my problem is related to using the certificates on my main domain and some subdomains, but not all of my subdomains.

Currently I use the cert and configured nginx for my main site, accessible at http://rebelpixel.com and the www counterpart. I also enabled it for cache.rebelpixel.com and similar formats, to allow for parallel requests. This part is working fine without issues.

My problem is related to my other subdomains. I have for example http://lyrics.rebelpixel.com and http://pbb.rebelpixel.com and they are on the same server/IP as my main site, but I don’t want to use the cert for them – I just want plain http for these sites. Now they’re no longer accessible.

I also have other subdomains of that main domain that point to other VPS/IP locations. Now they’re no longer accessible via normal http since, for some reason, https is being enforced for all my subdomains.

Is there a way to use https for only the main domain and subdomains I want, but use simple http for the others?

In your configuration for your main domain you are sending out the header

Strict-Transport-Security: max-age=63072000; includeSubdomains

Hence this is being obeyed by your browser, which is insisting on https.

I'd suggest removing the "includeSubdomains" since you don't want that to be true :wink:

You will need to visit your main site in your browser, for it to pick up the new info once you have changed it.

3 Likes

Thanks!

I kinda figured that out too after reading more threads here. Realized something though:

max-age=63072000; includeSubdomains;

Using these two parameters incorrectly can break a lot of things for many users if they’re not careful.
