HSTS includeSubDomains directive cannot save to No

  • System Details:
    Debian 8.6
    PHP 5.6.27 - PHP-FPM
    i-MSCP 1.3.7
    Build: 20161021
    Codename: Horner

    All updates current to system, i-mscp and all plugins except for php switcher and whmcs ...

    Under 'Users' - 'Domains' - 'Overview' - 'Manage SSL Certificate'

    When enabling HSTS, I try to disable HSTS includeSubDomains directive by clicking and highlighting No, click on update at bottom of page. I get a success message. When I go back in to verify status, the Yes is still highlighted and the SubDomain directive stays enabled. No matter how many times I try this, it does not disable. I do know that I used this option in i-MSCP version 1.3.6 with no issues. (Nextcloud complains when SubDomains directive option is enabled is why I even use this anyway, doesn't stop my cloud from running anyway).

    I have looked through my logs are see no errors or anything that would shed a light on the problem.

    I looked though the forums and bug tracker and didn't see anything related to this situation, so I apologize if this is posted somewhere as my search came up fruitless.

    I must add, as I often like to, that i-MSCP is the best control panel I have used and my system runs so smooth. I rarely run into problems, unless I broke it, and even then, so simple to restore. My errors logs are so clean it is crazy .... Keep up the great work ..

    Thanks as always ... :D

    “Life is all an Elaborate Hoax”

  • @texxasrulez

    I'll check the issue and fix it if needed. However, be aware that if you activated that option, disabling it will not have effect on browsers which already visited your sites. The browsers will continue to redirect to https for the time period which was specified in the max-age parameter.

    Thank you for your report.


  • Oh I am aware of that ... Believe me, I learned years ago, clear that browser cache if something is not working properly. It might save lots of hours and head banging, and not the good kind of head banging.

    Thanks and have a great weekend ...

    “Life is all an Elaborate Hoax”

  • @texxasrulez

    Bug confirmed (only for Let's Encrypt enabled SSL domains). Will be fixed in next LetsEncrypt plugin version.