I configured HSTS about 8 months ago for the domain netletic.com. I then had the domain added to the Chrome HSTS Preload list and all was well. Today I noticed the domain is pending removal from the Preload list, because the preload & includeSubDomains directives aren’t present.
curl --silent --head https://netletic.com | grep -i 'strict-transport-security' strict-transport-security: max-age=63072000
But I do have those directives enabled. I tried to deactivate/reactivate them about 3 hours ago, but that didn’t change anything.
It seems as if the settings I apply in the SSL/TLS section don’t affect the running config anymore. I only had TLSv1.2 and TLSv1.3 enabled, I just added TLSv1.1 as a test:
But both the output from
openssl confirm TLSv1.1 isn’t supported.
$ openssl s_client -connect netletic.com:443 -tls1_1 $ nmap --script=ssl-enum-ciphers -p T:443 netletic.com
See https://pastebin.com/EjM5s4D7 for the output of the commands.
It’s as if the domain’s settings are managed elsewhere now. But netletic.com still show as Proxied by Cloudflare for in the DNS settings:
And the NS records still point to Cloudflare:
$ dig NS netletic.com +short bayan.ns.cloudflare.com. tegan.ns.cloudflare.com.
I’m a bit stumped. If anyone has any idea I’d be delighted, cheers!