Strange HSTS error on visiting panel

When I go to my panel, it gives me a certificate error, but when I click on advanced to ignore it, where it usually says continue or whatever, it just says “You cannot visit [panel] right now because the website uses HSTS.” I already tried using incognito, that didn’t work either. I also obviously don’t have HSTS on and have proper certificates. Not really sure what to do.

Show the output of these commands:

grep -ri Strict-Transport-Security /usr/local/hestia/nginx/conf
grep -ri Strict-Transport-Security /home/*/conf/web/

Sharing the actual domain name would help us understand what’s going on. Additionally, keep in mind that some TLDs, such as .dev and .app, enforce HSTS in browsers.

Please use Firefox or Google Chrome without this issue. Edge will have this error!

The commands outputted nothing.
The domain is wondered.dev and the panel is hcp.wondered.dev:2083 if you need that.
Also, I wasn’t aware that certain TLDs did that when I bought the domain, but I haven’t had this issue before with it before and is only on the panel, nowhere else on the website. Thanks!

Not using edge, I’m using Brave, and I checked Firefox and it still had the issue there.

Ok, as your site is a dev site, it enforces browsers to connect using https, the problem is that you installed a Cloudflare’s Origin certificate and this certificate is not valid for browsers.

As you are already using port 2083, you can enable Cloudflare’s proxy for hcp.wondered.dev or you can issue a Let’s Encrypt certificate for it:

v-add-letsencrypt-host
1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.