Enable HSTS preload for this site and all subdomains problem
-
wrote on Nov 25, 2023, 9:50 AM last edited by LoudLemur Nov 25, 2023, 9:55 AM
After setting up a Cloudron site and installing an application on the bare domain, we tried to enable HSTS preloading. You can reach the site using an https:// address. The following error was returned when testing it here:
https://hstspreload.org/Error: www subdomain does not support HTTPS
Domain error: The www subdomain exists, but we couldn't connect to it using HTTPS ("tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match www.haggis.top"). Since many people type this by habit, HSTS preloading would likely cause issues for your site. -
L LoudLemur marked this topic as a question on Nov 25, 2023, 9:54 AM
-
After setting up a Cloudron site and installing an application on the bare domain, we tried to enable HSTS preloading. You can reach the site using an https:// address. The following error was returned when testing it here:
https://hstspreload.org/Error: www subdomain does not support HTTPS
Domain error: The www subdomain exists, but we couldn't connect to it using HTTPS ("tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match www.haggis.top"). Since many people type this by habit, HSTS preloading would likely cause issues for your site.wrote on Nov 25, 2023, 11:52 AM last edited by@LoudLemur I had no idea what HSTS Preloading is, but I just read https://www.howtogeek.com/devops/what-is-hsts-and-how-do-you-set-it-up/ and it sounds like it's best to proceed slowly with caution.
In your case it sounds like you're missing a wildcard certificate that covers all subdomains including www.
-
Have you seen https://docs.cloudron.io/apps/#hsts-preload ?