1
1
So, I have control over a small webserver that controls a subdomain of an intranet domain; the domain has HSTS turned on, so I can't connect to my subdomain via HTTP; I also can't use self-signed certificates and HTTPS. I've thought about using Let's Encrypt to get a proper certificate, but due to the domain being inaccessible from the internet, I can't do that either.
Is there a way to circumvent HSTS to connect to my server through a browser? (I'm trying to set up a Jupyter instance, if that matters)
1HSTS doesn't affect subdomains unless you explicitly add
includeSubdomains
– Bob – 2018-04-27T12:14:13.167Well, apparently, it is included; I only have control over the subdomain, so I did not configure HSTS – Akiiino – 2018-04-27T12:35:08.123
Unfortunately, you're stuck either setting up valid HTTPS or getting the parent domain's admin to remove
includeSubdomains
(and waiting for the previous HSTS entry to expire if you're not the only user). – Bob – 2018-04-28T15:08:00.733