My site keeps trying to reach https

nspeaks · May 7, 2018, 8:49am

My site was hosted on Vultr few days back where it was working nicely. For some reason, I decided to switch to Digitalocean. I was using letsencrypt via Apache server on Vultr. On Digitalocean I opted for Nginx. Now I didn’t transfer the letsencrypt certificate thinking that I will create a new one after shifting. That shouldn’t cause a problem right?

Now the issue is my domain doesn’t open anymore after shifting. Everytime I try to open, it ends up trying to open https://nspeaks.com which obviously won’t work anymore. It doesn’t try to access http version at all. The ip address of the droplet at Digitalocean is working perfectly. Just not being able to access via domain name anymore. I double checked the nginx configuration which is set correctly.

Why does my site try to open https version? Where to look? I have flushed dns caches everywhere. I have tried via multiple devices. Site will show as down in uptime services. nslookup says it points to digitalocean. What should I do?

My domain is: nspeaks.com

I ran this command: N/A

It produced this output: N/A

My web server is (include version): Nginx 1.14

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Digitalocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

rg305 · May 7, 2018, 9:14am

I’m seeing 502 errors accessing your site via HTTP.
And the HTTPS connections are being refused.

The browser may automatically switch to https when http fails.
http connections return:
HTTP/1.1 400 Bad Request
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 07 May 2018 09:20:33 GMT
Content-Type: text/html
Content-Length: 182
Connection: close

<html>
<head><title>400 Bad Request</title></head>
<body bgcolor=“white”>
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.14.0 (Ubuntu)</center>
</body>
</html>

jmorahan · May 7, 2018, 11:24am

Ordinarily no, but your domain name is on the HSTS preload list. So any web browser that supports this will refuse to connect to it over HTTP.

You should still be able to get a certificate though, try certbot --nginx

If you no longer want to be on the preload list you can file a removal request but beware that it may take a long time to process and you'll probably have to fix this issue first anyway.

nspeaks · May 7, 2018, 2:46pm

Damn. I had totally forgotten about the HSTS list. And yes I tried creating the certificate earlier but it failed giving the following error:

Failed authorization procedure. www.nspeaks.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.nspeaks.com/.well-known/acme-challenge/y-aYW6cZKh8EAL690cQvWz33jKb4r2A-m_zwbemsuqo [45.32.238.254]: 500

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.nspeaks.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.nspeaks.com/.well-known/acme-challenge/y-aYW6cZKh8EAL690cQvWz33jKb4r2A-m_zwbemsuqo
   [45.32.238.254]: 500

But thankfully, it worked the second time. Thanks a ton. Everything seems to be working now.

system · June 6, 2018, 2:46pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.