ZipperZapper
So, I have HSTS (Strict-Transport-Security header) enabled server-wide through a custom nginx_server_secure.conf template.
This works fine, apart from one case I'm running into now and can't find a solution for.
One of my clients used to host a personal website, misterexample.com, with a valid SSL-cert from Let's Encrypt.
A while ago the client decided to stop hosting his personal website and redirect it to his LinkedIn profile with the Domain Redirect (301) settings in DirectAdmin.
This creates the following problem:
- After a while, I will get a message that the automatic renewal of misterexample.com has failed;
- I can see this too when trying to recreate a cert by hand: it will just redirect to LinkedIn because of the Domain Redirect;
- When the cert expires or when I disable SSL support for the site, the redirect will no longer work because of the HSTS that was there originally; the internet never forgets and browsers always select the https one.
The only way to renew the cert is by removing the Domain Redirect, rebuilding the nginx_confs, renewing the cert and then adding the Domain Redirect again.
This works, but I'm already tired of this weird construction after 2 renew-cycles.
There must be a way to redirect / from misterexample.com to LinkedIn, but to allow /.well-known? I thought /etc/nginx/webapps.conf took care of that, but it obviously doesn't. I tried including webapps.conf BEFORE the Domain Redirect parameter in nginx_server_secure.conf, but that makes no difference.
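The layout asked about above, as an added example in plain nginx; it is not part of the original post and not DirectAdmin's generated config. In nginx, a `return` or `rewrite` placed directly in a `server` block is evaluated before any `location` is selected, wherever it appears in the file, so the sketch moves the redirect into `location /` and lets a more specific location answer ACME challenges. The challenge webroot, certificate paths, HSTS max-age and LinkedIn URL are placeholders or assumptions.

```nginx
# Added example. Paths, max-age and the redirect target are placeholders.

server {
    listen 80;
    server_name misterexample.com;

    # HTTP-01 validation starts on port 80; answer challenge files locally.
    # "^~" stops nginx from considering regex locations for this prefix.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;              # assumed challenge webroot
        default_type text/plain;
        try_files $uri =404;
    }

    # Everything else is sent to HTTPS on the same host.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name misterexample.com;

    ssl_certificate     /path/to/misterexample.com.fullchain.pem;  # placeholder
    ssl_certificate_key /path/to/misterexample.com.key;            # placeholder

    # Inherited by both locations below because neither sets add_header itself.
    add_header Strict-Transport-Security "max-age=31536000" always;  # assumed value

    # No server-level "return"/"rewrite" here: it would run before the
    # locations and redirect the challenge request as well.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;              # assumed challenge webroot
        default_type text/plain;
        try_files $uri =404;
    }

    # The domain redirect, limited to requests that are not ACME challenges.
    location / {
        return 301 https://www.linkedin.com/in/PLACEHOLDER;
    }
}
```

To check the result, request a file name under `/.well-known/acme-challenge/` on both ports: the response should be a local 200 or 404, not a 301 to LinkedIn, while `/` still returns the 301.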