[Support request] Strict-Transport-Security(HSTS) not working

Home Forums Really Simple SSL pro Strict-Transport-Security(HSTS) not working

This topic contains 4 replies, has 3 voices, and was last updated by  Mark Wolters 1 month, 3 weeks ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #163313 Reply

    William
    Participant

    Hello,

    I purchased the Really Simple SSL pro and enabled the HSTS feature, but I got two problem need help.
    -https://securityheaders.com/?q=kosmos.org.tw
    There is an error about “Strict-Transport-Security´╝ÜThis site was served over HTTP and did not redirect to HTTPS.”
    https://hstspreload.org/?domain=kosmos.org.tw
    There is an error about “Warning: Unnecessary HSTS header over HTTP”

    How should fix these issues?

    • This topic was modified 2 months, 3 weeks ago by  William.
    #163354 Reply

    Mark Wolters
    Keymaster

    Hi William,

    have you enabled a redirect setting in the plugin settings (Settings->SSL->Settings)? That should redirect the site to https:// and solve the first error. Likely the HSTS header will then be served over https:// as well to fix the second error.

    Mark

    #163703 Reply

    William
    Participant

    Hello Mark,

    After then I re-enable SSL and HSTS and waiting for a while, it finally works. Now my site passed the check list of the header scan. Thank you!

    #198913 Reply

    adil mhemed
    Participant

    please i have this problems help

    Detected possible certificate issues
    Really Simple SSL failed to detect a valid SSL certificate. If you do have an SSL certificate, try to reload this page over https by clicking this button:

    Reload over https

    . The built-in certificate check will run once daily; to force a new certificate check visit the SSL settings page. Really Simple SSL requires a valid SSL certificate. You can check your certificate on Qualys SSL Labs.

    #199048 Reply

    Mark Wolters
    Keymaster

    Hi Adil,

    your site cannot be connected to over port 443, the SSL port. You can contact your hosting provider so they can check if port 443 has been opened correctly.

    Mark

Viewing 5 posts - 1 through 5 (of 5 total)
Reply To: Strict-Transport-Security(HSTS) not working
Your information: