Let's Encrypt problem with Strict Transport Security

  • Under /var/www/imscp/gui/plugins/LetsEncrypt/config.php or something like that :D

  • There is only one question left: I didn't check this "Strict Transport Security", so I should be able to see my website also on http:// without SSL, or not? It already gets it on https://


    Yes, I deleted the cache.

    I-MSCP 1.5.3 - Debian 9 Stretch

  • Yes, normally you should also be able to use http, if HSTS is not enabled for that domain or a parent domain with the "includeSubdomains" flag. I cannot tell you here why your website redirects to https here. Maybe you wrote something into your htaccess, a php-redirect or something like that.


    BTW: With HSTS enabled we redirect with 307 code (internal). Your redirect has type 301 (permanently) :)

  • I've edited my post.

    BTW: With HSTS enabled we redirect with 307 code (internal). Your redirect has type 301 (permanently)


    So seems to be because of your script or custom changes :D

  • Flushing cache is not sufficient to get rid of HSTS properties in FF and even Chrome ;)
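Added example, not part of any post in this thread: a small Python sketch of the checks discussed above, covering how a Strict-Transport-Security value is parsed, whether a stored policy on a parent domain covers a host, and how to tell a server-sent 301 from the browser's own HSTS upgrade. The function names, the `example.test` hosts and the two sample responses are constructed for illustration; the `Non-Authoritative-Reason: HSTS` header is what Chrome's DevTools displays on its internal 307.

```python
def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1)."""
    policy = {"max_age": None, "include_subdomains": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()            # directive names are case-insensitive
        if name == "max-age":
            arg = arg.strip().strip('"')
            if arg.isdigit():
                policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    # max-age is mandatory; without it the header is ignored
    return policy if policy["max_age"] is not None else None


def hsts_applies(host, known_policies):
    """Return the host whose stored policy covers `host`, or None.

    known_policies maps host name -> parsed policy, like a browser's HSTS store.
    """
    labels = host.lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        policy = known_policies.get(candidate)
        # max-age=0 means "forget this host"; a parent only counts with includeSubDomains
        if policy and policy["max_age"] > 0 and (i == 0 or policy["include_subdomains"]):
            return candidate
    return None


def classify_redirect(status, headers):
    """Say where an http:// -> https:// redirect came from."""
    headers = {k.lower(): v for k, v in headers.items()}
    if not headers.get("location", "").lower().startswith("https://"):
        return "not an https redirect"
    reason = headers.get("non-authoritative-reason", "").lower()
    if status == 307 and "hsts" in reason:
        return "browser HSTS upgrade (no request reached the server)"
    return "server-side redirect (vhost, .htaccess or application code)"


# Constructed sample responses (status, headers); not captured from the thread.
SERVER_301 = (301, {"Location": "https://example.test/", "Server": "Apache"})
CHROME_307 = (307, {"Location": "https://example.test/", "Non-Authoritative-Reason": "HSTS"})

if __name__ == "__main__":
    print(classify_redirect(*SERVER_301))
    print(classify_redirect(*CHROME_307))
```

A 301 that still appears when the request is made by a client with no HSTS store (for example a plain command-line HTTP client) is produced by the server, so the place to look is the vhost, .htaccess or application code rather than the browser.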
