Messed up access to site


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: asd-cert…net

I want to turn off HSTS
(I didn’t realise what it was, and am now stuck with it and my website is unavailable.)
I just need some step-by-step instructions and have terminal SSH access to my server; I just don’t know where the configuration for either letsencrypt or Apache is for HSTS.


#2

HSTS is enabled when you send a Strict-Transport-Security header and a browser sees that and remembers it. It only takes effect when sent over HTTPS, so if the HTTPS version of your site was never working, it will never have taken effect anyway.

If it was working and now you want to disable it, the only way to do so is to send the header again but with the max-age set to 0 (zero). The change will take effect when the browser receives this new header over HTTPS. This means the browser will have to access your site at least one more time over HTTPS before HSTS can be disabled.

Unfortunately this means that if the HTTPS version of your site isn’t working, you can’t disable HSTS as sending the new header over HTTP won’t have any effect.

If you’re in that situation, please post some more information about your setup so that we can help you get HTTPS working again. Once it’s working you’ll be able to disable HSTS if you still want to.

(I can’t tell if the extra dots are a mistake, or if this is a name you made up to replace your real domain?)

If your domain is indeed asd-cert.net, I can access it over HTTP but I get no response over HTTPS, which seems like it might be something like a firewall blocking connections to port 443?
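
The behaviour described in the reply above, as an added example that is not part of the original thread: a minimal Python model of a browser's HSTS host list, following the processing rules of RFC 6797. The class and method names and the `example.com` host are illustrative assumptions, not taken from any browser's code.

```python
import re
import time

class HSTSStore:
    """Illustrative model of a browser's HSTS host list (RFC 6797)."""

    def __init__(self, clock=time.time):
        self._hosts = {}        # host -> (expiry timestamp, includeSubDomains)
        self._clock = clock

    @staticmethod
    def parse(header):
        """Return (max_age, include_subdomains), or None if the header is invalid."""
        max_age, include_sub = None, False
        for directive in header.split(";"):
            name, _, value = directive.strip().partition("=")
            name, value = name.strip().lower(), value.strip().strip('"')
            if name == "max-age":
                # max-age is required, must be digits, and may appear only once
                if max_age is not None or not re.fullmatch(r"\d+", value):
                    return None
                max_age = int(value)
            elif name == "includesubdomains":
                include_sub = True
        return None if max_age is None else (max_age, include_sub)

    def observe(self, host, scheme, header):
        """Process one response; return True if the stored policy changed."""
        if scheme != "https":    # a header received over plain HTTP is ignored
            return False
        policy = self.parse(header)
        if policy is None:
            return False
        max_age, include_sub = policy
        if max_age == 0:         # max-age=0 over HTTPS removes the entry
            return self._hosts.pop(host.lower(), None) is not None
        self._hosts[host.lower()] = (self._clock() + max_age, include_sub)
        return True

    def forces_https(self, host):
        """True if the host, or a parent with includeSubDomains, is pinned."""
        labels, now = host.lower().split("."), self._clock()
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False
```

On Apache with mod_headers enabled, the clearing header would be sent with `Header always set Strict-Transport-Security "max-age=0"` inside the HTTPS virtual host.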


#3

John,

Thanks for your quick and sympathetic response, and for checking the site out. (Not sure where the extra full stops came from.)

You came to it after I had reinstalled Apache2 and PHP 7.0 and had got HTTP working at least.

This is a new Azure setup, whereas I’ve become used to working with Google Compute. I should have spotted the lack of an Azure Firewall setting to allow 443 (additional to Ubuntu’s internal Firewall). The final step was as simple as that.

Thanks again

Brian

