Subdomain without SSL redirected

My domain is: modrealms.net (specifically vote.modrealms.net)

I ran this command: certbot-auto --nginx

It produced this output: Asked for comma-delimited list of my domains which are;

My operating system is (include version): Debian 8

My web server is (include version): Nginx 1.6.2

My hosting provider, if applicable, is: OVH dedicated server

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Details:
I accidently included a non-ssl subdomain in the list of sites to add to the certificate and then chose to only allow https connections (as part of the original command). This subdomain uses iframes to third party sites and as such cannot be secure. I have since tried to revert this change by;

  1. Re-executing the command and only selecting the correct subdomains
  2. Re-executing the command and allowing non-https connections (I figure this does nothing).
  3. Stop the subdomain listening on port 443 by removing lines from the “nginx/sites-available/vote” config.

My question, what actions could be causing this redirection to https?

Thanks and apologies for any missing information.

There’s no redirection for me, you could still be seeing it for 2 reason.

modrealms.net is sending an HSTS header. Currently this doesn’t have the includeSubDomains directive, but if it did before then browsers that visited the site then will not be able to use HTTP for the duration of the max-age.

The other possibility is that your browser has cached the redirect and is using that without contacting the server.

Thanks.

It was to do with the “max-age”. I put a max-age header on the vote site of 0 and refreshed, after that I am able to go to the site via http. Hoping that only a few of my users visited the page during the time the max-age was on the vote site (about 1hr I think…).

Cheers!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.