Hi! I’ve got a list of domains here with the same settings, including turning on ‘Always Use HTTPS’ feature, but it won’t work on a couple of domains, it just stays on http and doesn’t redirect to https unless there’s www subdomain. Others work just fine without it so what could be the problem? One of the domains with this issue is astrologytrainingapp.xyz
Your domain astrologytrainingapp.xyz redirects correctly to HTTPS, but your nginx origin is returning a HTTP 403 error:
🦉 $ curl -sv -L http://astrologytrainingapp.xyz
* Trying 2606:4700:3031::6815:505...
* TCP_NODELAY set
* Connected to astrologytrainingapp.xyz (2606:4700:3031::6815:505) port 80 (#0)
> GET / HTTP/1.1
> Host: astrologytrainingapp.xyz
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 17 Aug 2021 10:25:13 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: max-age=3600
< Expires: Tue, 17 Aug 2021 11:25:13 GMT
< Location: https://astrologytrainingapp.xyz/
< Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bEC6lp8Hv9FaGFyVE5XfDJNfaRsI2oDa83am%2BvQg58AnVUyjuG4ooHBpdX2t4bVImxN5zuk7SVh3u2MeqK3hYWTtHUnFfuDD2SfTVbkj5D5xM4DmL%2F77%2Bi33yh96h11mGMEmYVQx5ONEeSgcFJnOvi9bYa2uWsg%3D"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 6802327b6ca803b6-LIS
< alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
<
* Ignoring the response-body
* Connection #0 to host astrologytrainingapp.xyz left intact
* Issue another request to this URL: 'https://astrologytrainingapp.xyz/'
* Trying 2606:4700:3031::6815:505...
* TCP_NODELAY set
* Connected to astrologytrainingapp.xyz (2606:4700:3031::6815:505) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.astrologytrainingapp.xyz
* start date: Aug 16 08:44:39 2021 GMT
* expire date: Nov 14 08:44:37 2021 GMT
* subjectAltName: host "astrologytrainingapp.xyz" matched cert's "astrologytrainingapp.xyz"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f87f0808200)
> GET / HTTP/2
> Host: astrologytrainingapp.xyz
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 403
< date: Tue, 17 Aug 2021 10:25:13 GMT
< content-type: text/html; charset=utf-8
< cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rz3j6PsjSASCa4g7Lr7AKipU7SnmGH9hH4GU9YcpVieDMO5tNBqaA3hZkirrUWsqmd9XksoQnaJeUGHUtAJ9SQ7oIaAy7vMqsFUYVvBvT8p%2B0EYIAOG%2BMcThP7JQLgG3bZ0rBo6YC6KOOXZijlE63HAbbzljB6E%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 6802327ca9fa5d37-LIS
< alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
<
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.21.1</center>
</body>
</html>
* Connection #1 to host astrologytrainingapp.xyz left intact
* Closing connection 1
* Closing connection 0```This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.