[Support request] Strict-Transport-Security(HSTS) not working

Home Forums Really Simple SSL pro Strict-Transport-Security(HSTS) not working

This topic contains 11 replies, has 4 voices, and was last updated by  Rick Vidallon 1 month, 2 weeks ago.

Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts
  • #163313 Reply

    William
    Participant

    Hello,

    I purchased the Really Simple SSL pro and enabled the HSTS feature, but I got two problem need help.
    -https://securityheaders.com/?q=kosmos.org.tw
    There is an error about “Strict-Transport-Security´╝ÜThis site was served over HTTP and did not redirect to HTTPS.”
    https://hstspreload.org/?domain=kosmos.org.tw
    There is an error about “Warning: Unnecessary HSTS header over HTTP”

    How should fix these issues?

    • This topic was modified 4 months, 4 weeks ago by  William.
    #163354 Reply

    Mark Wolters
    Keymaster

    Hi William,

    have you enabled a redirect setting in the plugin settings (Settings->SSL->Settings)? That should redirect the site to https:// and solve the first error. Likely the HSTS header will then be served over https:// as well to fix the second error.

    Mark

    #163703 Reply

    William
    Participant

    Hello Mark,

    After then I re-enable SSL and HSTS and waiting for a while, it finally works. Now my site passed the check list of the header scan. Thank you!

    #198913 Reply

    adil mhemed
    Participant

    please i have this problems help

    Detected possible certificate issues
    Really Simple SSL failed to detect a valid SSL certificate. If you do have an SSL certificate, try to reload this page over https by clicking this button:

    Reload over https

    . The built-in certificate check will run once daily; to force a new certificate check visit the SSL settings page. Really Simple SSL requires a valid SSL certificate. You can check your certificate on Qualys SSL Labs.

    #199048 Reply

    Mark Wolters
    Keymaster

    Hi Adil,

    your site cannot be connected to over port 443, the SSL port. You can contact your hosting provider so they can check if port 443 has been opened correctly.

    Mark

    #222429 Reply

    Rick Vidallon
    Participant

    Hi Mark,
    I have 5 site pro license. I have 3 sites added to same.
    In the Wp admin for one of the sites under configuration I see the following warning:
    HTTP Strict Transport Security is not enabled. To enable, get Premium.

    Under settings every is enabled except the last 3:
    -Debug
    -Stop editing the .htaccess file
    -Switch mixed content fixer hook

    I do not see any seeing for enabling HSTS
    Please let me know. Thanks Rick

    #222432 Reply

    Mark Wolters
    Keymaster

    Hi Rick,

    sounds like the pro plugin isn’t activated on that site, can you check if Really Simple SSL pro is listed as active in the plugins overview? Having pro active should get rid of the warning and add an HSTS option to the settings.

    #222436 Reply

    Rick Vidallon
    Participant

    I just added it as https://visionefx.net abt/ 30 mins ago in the overview.
    I also added https://www.sageguild.com also.

    Same issue for both.

    #222443 Reply

    Mark Wolters
    Keymaster

    Hi Rick,

    the pro plugin also has to be installed and activated on those sites before HSTS can be set. You can check if this is the case in the plugins overview.

    #222461 Reply

    Rick Vidallon
    Participant

    Hi Mark,
    3 questions.
    Where may I direct download the Pro plugin version?
    Do I need to deactivate or uninstall the free plugin?

    #222471 Reply

    Mark Wolters
    Keymaster

    You can download the pro plugin from your account page at https://really-simple-ssl.com/account (click on the purchases tab and then on ‘view details and downloads’, a link to the zip file can be found at the bottom of that page). The pro plugin is an add-on for the free plugin, therefore the free plugin needs to remain enabled. For detailed installation instructions see https://really-simple-ssl.com/knowledge-base/install-really-simple-ssl-pro/.

    Let me know if you have any other questions.

    #222474 Reply

    Rick Vidallon
    Participant

    Excellent. I will give it a whirl.
    Thanks Mark

Viewing 12 posts - 1 through 12 (of 12 total)
Reply To: Strict-Transport-Security(HSTS) not working
Your information: