[SOLVED] HTTP Strict Transport Security (HSTS) Error after fresh install


I worked with ownCloud some time ago, and have now given Nextcloud a try. I am still inexperienced / a noob with it.

I downloaded the latest VMware OVA file from Tech & me.
Installation and setup routines worked like a charm.

My setup is on my home server inside the LAN. There’s a NAT to my static public IP. The ports 80 and 443 are properly forwarded to the server. I tested those things, they are ok.

I checked the option to use Let's Encrypt during the setup, and also checked those couple of security features for Apache (I think ModSecurity + ?).
It all finished without errors.

I was able to open the web interface via “hostname.domain.org”, and the browser showed it as valid SSL (https: green). I was able to log in as ncadmin. But after a couple of minutes it stopped working.
It says…

Your connection is not secure

The owner of vialactea.izla.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

That's when I try to connect to it from the LAN side.
I can SSH to the box though without any problems.

When I try to connect from the “outside” (internet) it’s also behaving a bit strangely.
It's trying to redirect to a URL like "http:<my.public.IP>.", even though I'm using the FQDN.

I guess that's just my misconfiguration / config mistakes.
Any suggestions on how I can bypass that cert problem?
It does not even let me select to accept the cert in the browser.

I just saw it also says:

An additional root certificate may need to be imported.
The certificate is only valid for the following names:
mediarouter.home, mediarouter1.home, mediarouter2.home, mediarouter3.home


Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: true HTTP Public Key Pinning: false

What is this “mediarouter.home” thing? That's not my domain.
Where does this come from? Is this somehow predefined in Nextcloud or Let's Encrypt for some reason?

Thx in advance!

OK, I fixed the problem!
It had nothing to do with Nextcloud or Let's Encrypt.
I found out that my Sophos Firewall/Router did not properly forward port 443, but only 80.
Now I rebooted the router, and tadaaa… everything is working.
Certificate secure from inside (LAN) and also from outside.
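
The symptom in this thread (an HSTS host presenting a certificate for names like mediarouter.home) can be triaged from the names the browser reports. The following is an added example, not part of the original post and not Nextcloud or Let's Encrypt code. The function names, the result labels and the list of internal suffixes are assumptions chosen for illustration; the sample names are copied from the error quoted above.

```python
# Added example: triage a certificate name mismatch like the one in this thread.
# Input is the list of names the served certificate is valid for, as shown in the
# browser error page (or in the subjectAltName of the certificate the server sends).

# Assumption: suffixes commonly used by appliances for their built-in certificates.
INTERNAL_SUFFIXES = (".home", ".lan", ".local", ".internal")

# Names copied from the error message quoted in the post.
SAMPLE_NAMES = ["mediarouter.home", "mediarouter1.home",
                "mediarouter2.home", "mediarouter3.home"]


def name_matches(pattern: str, host: str) -> bool:
    """Compare a certificate name with a host; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad wildcards such as '*.org'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def diagnose(expected_host: str, cert_names: list, issuer_trusted: bool) -> str:
    """Classify what the served certificate says about who answered on port 443."""
    if any(name_matches(n, expected_host) for n in cert_names):
        return "ok" if issuer_trusted else "untrusted-issuer"
    if cert_names and all(n.lower().endswith(INTERNAL_SUFFIXES) for n in cert_names):
        # Every name is an internal-only name: some other device (for example a
        # router's own admin interface) answered instead of the intended server,
        # so the port 443 forwarding rule is the first thing to check.
        return "other-device-answering"
    return "name-mismatch"


if __name__ == "__main__":
    print(diagnose("vialactea.izla.org", SAMPLE_NAMES, issuer_trusted=False))
```

Because the browser has already stored the HSTS policy from the earlier valid connection, it refuses the mismatched certificate without offering an exception, which is why the fix has to happen on the forwarding side rather than in the browser.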