Moved sites to a public server and now get certificate errors

My server went down so I had to temporarily move sites to a public server. Now, everyone gets security errors accessing them. Seems like the browsers are forcing http:// to https:// and the only way I know how to fix this is by clearing the browser’s cache. Not everyone knows how to or is willing to attempt this. Would revoking my certificates fix this, or is there a better way?

Your instincts are right, this is probably due to previously sending an HSTS header (or possibly a 301 redirect).

There’s no way to “undo” HSTS (or the 301 for that matter) except to have a valid certificate on the new server, and then sending the following header to flush out the previous HSTS header:

Strict-Transport-Security: max-age=0

Otherwise you are at the mercy of either the expiration time of the previous HSTS header, or the expiration of the browser’s 301 cache.
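The behaviour described in the reply above, as an added example that is not part of the original post: a small model of a browser's HSTS store following RFC 6797, showing that `max-age=0` only clears the entry when it arrives over HTTPS with no certificate error. The names `parse_max_age` and `HstsCache` and the host `example.test` are constructed for illustration.

```python
def parse_max_age(value):
    """Return max-age from a Strict-Transport-Security value (RFC 6797, 6.1).

    Returns None when the header is invalid: max-age missing, not a
    non-negative integer, or any directive repeated.
    """
    max_age, seen = None, set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue  # tolerate empty segments such as a trailing ';'
        if name in seen:
            return None  # each directive may appear only once
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')  # the value may be a quoted-string
            if not (arg.isascii() and arg.isdigit()):
                return None
            max_age = int(arg)
        # other directives (includeSubDomains, preload) are not modelled here
    return max_age


class HstsCache:
    """Model of one browser's known-HSTS-host store (exact host match only)."""

    def __init__(self):
        self.expiry = {}  # host -> time (seconds) at which the policy expires

    def is_pinned(self, host, now):
        """True while the browser will still rewrite http:// to https://."""
        return self.expiry.get(host, 0) > now

    def observe(self, host, now, https, cert_valid, header):
        """Process one response; return True if the HSTS entry was updated."""
        # RFC 6797 8.1: the header counts only on a secure transport that
        # has no errors, so plain HTTP or a name-mismatched certificate
        # leaves the stored policy untouched.
        if not (https and cert_valid) or header is None:
            return False
        max_age = parse_max_age(header)
        if max_age is None:
            return False
        if max_age == 0:
            self.expiry.pop(host, None)  # max-age=0 removes the entry
        else:
            self.expiry[host] = now + max_age
        return True
```
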

Thank you very much for the quick response.

Looks like I’m going to be getting a lot of complaints before my server gets back on-line.

Hi @ssebastian

the simplest way to fix that: Install a certificate. Isn't this an opinion?

Not a very good one. I’m using iPower.com as my public host and they don’t support Let’s Encrypt and their solution is kind of expensive for the short period that I need it.

That’s unfortunate, so you can’t create DNS records on your domain or upload a text file to the server? Keep in mind that you can get a free certificate manually using something like ZeroSSL, which doesn’t require any software installation on the server.

Oh, I didn’t know that. I do have access to DNS records and I can upload text files to the server. I’ll research ZeroSSL. Thanks!

That didn’t seem to work. I get the message that the certificate is from *.ipower.com and not my domain. Bummer.

@_az’s solution still requires you to be able to install certificates on the server once you have them, since some hosting providers let you import externally-obtained certificates via a control panel interface. This can be done without installing any new software on the server but it still requires that the hosting provider allow you to import certificates somehow.

I used the method of HTTP verification which entailed uploading a text file to the server. Validation was confirmed, but ipower.com, the public server that I am using to temporarily host my site, is somehow intercepting. I wish I knew how to get this to work… Any knowledge would be appreciated.

You will need to be able to upload your certificate to the ipower server. In this case ipower needs to provide you with a mechanism to do so; if they don’t, then you can’t.

Hi,

Ipower.com doesn’t allow users to install certificates by themselves, according to the knowledge base.

Unless you pay an extremely high certificate fee, you won’t be able to use your own domain in https mode.

Thank you

Yeah, that’s what I thought. Oh, well. I tried.

I guess things will have to wait to return to normal after my server is repaired.

Thanks.


Perhaps something like Cloudflare might work as a temporary solution here? At least it should stop the browsers from complaining while you get the server back up and running.
