SSL on domain but not on subdomains

Good afternoon.

I have a website running on https://www.example.org/
I intend to create the http://sub.domain.com/ [without SSL].

I am running apache2 on ubuntu16 server.

I want the subdomain to remain http and the main domain to remain https.
What should I do? I have tried literally everything.
Thanks.

At the moment the settings are as follows:

000-default.conf:



    # Port 80, main site: redirect everything to HTTPS
    <VirtualHost *:80>
        ServerName www.example.com
        Redirect permanent "/" "https://www.example.com/"
        #SSLProtocol all -SSLv2 -SSLv3
        ServerAdmin contact@example.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

    # Port 80, subdomains: served over plain HTTP, no redirect
    <VirtualHost *:80>
        ServerName games.example.com
        ServerAdmin contact@example.com
        DocumentRoot /var/www/games
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

    <VirtualHost *:80>
        ServerName planets.example.com
        ServerAdmin contact@example.com
        DocumentRoot /var/www/2moons
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>


default-ssl/conf:



    <IfModule mod_ssl.c>
        # Port 443: TLS virtual host for the main site only
        <VirtualHost _default_:443>
            ServerAdmin contact@example.com
            ServerName www.example.com

            DocumentRoot /var/www/html

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            SSLEngine on

            SSLCertificateFile /etc/ssl/certs/certificate.crt
            SSLCertificateKeyFile /etc/ssl/private/private.key

            <FilesMatch "\.(cgi|shtml|phtml|php|jpg)$">
                SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
            </Directory>

            # One directive continued over three lines
            BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0

        </VirtualHost>
    </IfModule>






ubuntu ssl https subdomain apache2






edited 1 hour ago

asked 1 hour ago
AlphabetoPT

  • What issues are you having? Are you able to access http://games.example.com/, or does something not work when you try?
    – ceejayoz
    1 hour ago

  • @ceejayoz This happens. prntscr.com/ldlc3w
    – AlphabetoPT
    1 hour ago

  • Are you saying that going to the http://games.example.com/ URL does a redirect to https://games.example.com/? Because I can get to http://games.followarmy.com/ without any issues. I can't get to the HTTPS version, because you don't have an SSL certificate for it. That's how things are supposed to work.
    – ceejayoz
    1 hour ago

  • @ceejayoz I can't access games.followarmy.com
    – AlphabetoPT
    1 hour ago

  • It works fine here; says "TEST" in all caps. Try clearing your caches; if the URL was at some previous point returning a permanent redirect, your browser will have cached that.
    – ceejayoz
    1 hour ago
















1 Answer
Given that the domain in question seems to be followarmy.com I've tried to access http://games.followarmy.com/, which works first. But when accessing https://followarmy.com then http://games.followarmy.com/ does not work anymore.
The reason is that https://followarmy.com set HSTS for the domain:

    Strict-Transport-Security: max-age=63072000; includeSubdomains

Since includeSubdomains is set, any future visits to http://games.... will be automatically rewritten by the browser to https://games..... But, when trying to access the site with https it will fail since the subject of the certificate does not match the site. For more information on the HSTS header see the documentation.

Note that this information can not be seen from the incomplete configuration you show. It can also not be seen from this configuration that your SSL setup is broken. Instead of sending the leaf certificate and the necessary intermediate certificate from Let's Encrypt you are sending only your leaf certificate. For more details see the ssllabs report.







edited 44 mins ago

answered 55 mins ago
Steffen Ullrich

  • Exactly. How do I fix it?
    – AlphabetoPT
    51 mins ago

  • @AlphabetoPT: given that you don't show the relevant part of the configuration where you set the header it is impossible to say how exactly the fix should look like. But obviously you should not use the includeSubdomains attribute for the header if you don't want to include subdomains. Note that you need to clear the cache of the browser again after you've made the change and before retesting, and all others who already visited your site and got the wrong HSTS header need to do this too.
    – Steffen Ullrich
    48 mins ago

  • I managed to get SSL working hardly. Can you please tell me how to disable the includeSubdomains?
    – AlphabetoPT
    45 mins ago

  • Oooh, nice catch.
    – ceejayoz
    41 mins ago

  • @AlphabetoPT: The HSTS header does not get set automatically. Somewhere in your configuration it is explicitly set, something like here. It is not set in the subset of the (edited) configuration you show here so I'm unable to point you to the exact position in the config. You need to look through your full configuration yourself to find and fix this header.
    – Steffen Ullrich
    41 mins ago
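
The check described in the answer and its comments, as an added example that is not part of the original posts: a Python audit that reads Apache configuration text, finds a Strict-Transport-Security header on an HTTPS virtual host, and lists the HTTP-only virtual hosts that a browser holding that policy would force to HTTPS. The configuration in `SAMPLE` is constructed (apex `example.com` with a `games` subdomain), and the script assumes the `Header` directive sits inside the `:443` VirtualHost.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Directive names are case-insensitive. Returns (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            max_age = int(arg.strip().strip('"'))
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("max-age is required")
    return max_age, include_sub

def covered_by(host, policy_host, include_sub):
    """Browser-side match: the policy host itself, plus every subdomain
    of it when includeSubDomains was sent."""
    host = host.lower().rstrip(".")
    policy_host = policy_host.lower().rstrip(".")
    if host == policy_host:
        return True
    return bool(include_sub) and host.endswith("." + policy_host)

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.I | re.M)
# Commented-out lines ("#Header ...") do not match because of the anchored \s*.
HSTS_RE = re.compile(
    r'^\s*Header\s+(?:(?:always|onsuccess)\s+)?(?:set|append|add|merge)\s+'
    r'Strict-Transport-Security\s+"([^"]+)"', re.I | re.M)

def audit(config_text):
    """Return (http_only_host, policy_host, max_age) for every plain-HTTP
    virtual host that an HSTS policy from an HTTPS virtual host covers."""
    policies, tls_hosts, http_hosts = [], set(), set()
    for addr, body in VHOST_RE.findall(config_text):
        names = [n.lower() for line in NAME_RE.findall(body) for n in line.split()]
        if addr.strip().endswith(":443"):
            tls_hosts.update(names)
            match = HSTS_RE.search(body)
            if match:
                max_age, include_sub = parse_hsts(match.group(1))
                if max_age > 0:  # max-age=0 tells the browser to drop the policy
                    policies += [(n, max_age, include_sub) for n in names]
        else:
            http_hosts.update(names)
    findings = []
    for host in sorted(http_hosts - tls_hosts):
        for policy_host, max_age, include_sub in policies:
            if covered_by(host, policy_host, include_sub):
                findings.append((host, policy_host, max_age))
    return findings

# Constructed configuration: the header value is the one quoted in the answer,
# the host names and layout are assumptions made for this example.
SAMPLE = """
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    Redirect permanent "/" "https://example.com/"
</VirtualHost>
<VirtualHost *:80>
    ServerName games.example.com
    DocumentRoot /var/www/games
</VirtualHost>
<VirtualHost _default_:443>
    ServerName example.com
    ServerAlias www.example.com
    SSLEngine on
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
</VirtualHost>
"""

# Same configuration with the includeSubdomains attribute dropped from the header.
FIXED = SAMPLE.replace("; includeSubdomains", "")

if __name__ == "__main__":
    for label, text in (("before", SAMPLE), ("after", FIXED)):
        print(label, audit(text))
```

A browser that already stored the old policy replaces it the next time it receives the changed header over HTTPS from the same host (RFC 6797, section 8.1); until then it keeps upgrading requests to the subdomain.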
















