Can't Disable SSL on Sub Domain

Hi, i have setup a CNAME entry “DNS only” but when i get preview i get security error for example check this link browser automatically change http to https, note that i have disabled force https and also i tried to setup rule ** SSL: Off but no use … can anyone tell me how to fix this issue … in short i don’t want to use SSL on hope you get my point.

I am on team ‘Encrypt All The Things’, so it safe to assume my recomendation is to enable SSL support that origin. That said, you are going to need to disable HSTS on your subdomains, and wait for it to age out.

From the message displayed by the browser when visiting the URL you shared:

You cannot visit right now because the website uses HSTS

Thanks for your reply but HSTS is already disabled on the domain and i never enabled before …

You may not have HSTS enabled in Cloudflare, but the domain definitely has HSTS enabled., and are currently preloaded. That means they are on the list of sites that are hardcoded into Chrome as being HTTPS only.

Even if you are able to update the HSTS preload status of the domain, it will still take time to reach the browsers. Your best move is going to be to put a valid cert for your hostname on that server and kick the plain HTTP to the curb.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.