Enable HSTS preload for this site and all subdomains problem
-
After setting up a Cloudron site and installing an application on the bare domain, we tried to enable HSTS preloading. You can reach the site using an https:// address. The following error was returned when testing it here:
https://hstspreload.org/Error: www subdomain does not support HTTPS
Domain error: The www subdomain exists, but we couldn't connect to it using HTTPS ("tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match www.haggis.top"). Since many people type this by habit, HSTS preloading would likely cause issues for your site. -
L LoudLemur marked this topic as a question on
-
@LoudLemur I had no idea what HSTS Preloading is, but I just read https://www.howtogeek.com/devops/what-is-hsts-and-how-do-you-set-it-up/ and it sounds like it's best to proceed slowly with caution.
In your case it sounds like you're missing a wildcard certificate that covers all subdomains including www.
