I’m enabling HSTS mode to bypass the ISP blocking port 80 and forwarding all connections from port 80 to 443…
Hence, after that succeeded, I installed Zimbra mail and created a new SSL certificate from Let’s Encrypt to make SSL work… I had some problems with the SSL certificate, so when I use Let’s Encrypt it works fine for me…
But the problem now is that there is a problem in Zimbra mail with the SSL handshake; it keeps showing, even if I disable Cloudflare, that the old SSL certificate from Cloudflare is enabled… and I cannot make any valid SSL with Zimbra and Let’s Encrypt through Cloudflare, even if I make a valid SSL and/or disable Cloudflare…
HSTS does not forward anything from port 80 to 443, but instructs browsers to connect exclusively in a secure fashion via HTTPS.
If you have enabled HSTS you certainly cannot disable HTTPS as your site would not be reachable otherwise. If you want HSTS only for certain hosts you would need to disable it globally and enable it per-host via page rules. Keep in mind though, if some browsers already got HSTS you will need to wait until it expires.
Also, not using SSL generally is a bad idea. You had better ensure you can get SSL working with them, or switch to a different service otherwise.
Also also, if that is mail related you need to unproxy the entire mail host, as you can’t proxy that via Cloudflare anyhow.
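The point about browsers that "already got HSTS" is worth seeing concretely. Below is an added example (not code from the thread or from Cloudflare) that parses a `Strict-Transport-Security` header as RFC 6797 defines it and works out two things: until when a browser that has cached the policy keeps forcing HTTPS, and whether a policy set on `example.com` also covers a subdomain such as `mail.example.com`. The header strings and dates are constructed for illustration.

```python
"""Parse a Strict-Transport-Security header and reason about what a browser
that has already stored it will do (constructed example, not from the thread)."""
from datetime import datetime, timedelta, timezone
from typing import NamedTuple, Optional


class HstsPolicy(NamedTuple):
    max_age: int             # seconds the browser keeps enforcing HTTPS
    include_subdomains: bool  # policy also applies to all subdomains
    preload: bool             # site asks to be in browser preload lists


def parse_hsts(header: Optional[str]) -> Optional[HstsPolicy]:
    """Return the policy the header expresses, or None if there is no usable
    header (header absent, or max-age missing/invalid per RFC 6797)."""
    if not header:
        return None
    max_age = None
    include_subdomains = False
    preload = False
    for directive in header.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                return None          # invalid max-age: browsers ignore the header
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


def enforced_until(policy: HstsPolicy, seen_at: datetime) -> datetime:
    """When a browser that stored the policy at `seen_at` stops forcing HTTPS,
    assuming the site sends no further HSTS header in the meantime.
    Simply switching the header off does not shorten this; only a fresh
    header with max-age=0 tells browsers to drop the stored policy."""
    return seen_at + timedelta(seconds=policy.max_age)


def covers_host(policy: HstsPolicy, policy_host: str, host: str) -> bool:
    """Does a policy received from `policy_host` apply to `host`?
    Only with includeSubDomains does mail.example.com inherit example.com's policy."""
    policy_host = policy_host.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if host == policy_host:
        return True
    return policy.include_subdomains and host.endswith("." + policy_host)


# Constructed sample headers (not observed from any real site).
SITE_WIDE = "max-age=15552000; includeSubDomains; preload"
ROOT_ONLY = "max-age=15552000"
CLEAR = "max-age=0"

if __name__ == "__main__":
    seen = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for label, header in [("site-wide", SITE_WIDE), ("root-only", ROOT_ONLY), ("clear", CLEAR)]:
        policy = parse_hsts(header)
        print(label, policy, "enforced until", enforced_until(policy, seen),
              "covers mail.example.com:", covers_host(policy, "example.com", "mail.example.com"))
```

The practical reading for this thread: if the apex host once sent `includeSubDomains`, browsers that saw it will insist on HTTPS for every subdomain (including `mail.mysite.com` in a webmail context) until the stored `max-age` runs out, regardless of any per-host rule added later. None of this touches SMTP, since HSTS is a browser-only mechanism.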
Also, I have unproxied the mail server host from Cloudflare, and it’s showing the real IP for my webserver; but the problem is the cache is still not deleted or changed… even if I force a cache clear it doesn’t go away, for 4 days now…
Well, I’m going to put a rule in place to disable HSTS on certain domains and make sure the cache is not enabled on them; this is all I’m looking to do… make sure Cloudflare SSL is not enabled on my mail.mysite.com.
The SMTP is on a relay server, not my server, and it shows me (connection reset by peer and delivery temporarily suspended: Cannot start TLS: handshake failure) because of the SSL cache…
Which rule should I enable or disable to make sure HSTS is off on my mail.mysite.com?
I understand, but the problem is that the Cloudflare SSL cache header is still showing the old Cloudflare SSL, and this makes a handshake failure with the relay SMTP server.
I am not sure what that means, but whatever header Cloudflare returns should not affect SMTP connections. Check your SMTP connection settings in case you configured it to connect via TLS to a server which does not support TLS.
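The check suggested above, as an added example that is not part of the thread: before configuring a relay to require TLS, confirm that the SMTP server on the other side actually advertises STARTTLS in its EHLO reply and completes a handshake. The `parse_ehlo` / `starttls_verdict` pair works on a raw EHLO reply and runs offline; `check_starttls` performs the live check against a host you operate and maps the outcome onto the kinds of failure quoted in the thread ("connection reset by peer", "Cannot start TLS: handshake failure"). The EHLO replies below are constructed samples, and `mail.example.test` is a placeholder hostname.

```python
"""Diagnose whether an SMTP server offers STARTTLS and whether the TLS handshake
succeeds (added example, not from the thread).  Only check_starttls() uses the
network; the EHLO parsing is pure and testable offline."""
import smtplib
import ssl
from typing import Dict


def parse_ehlo(response: bytes) -> Dict[str, str]:
    """Turn a raw multi-line 250 EHLO reply into {EXTENSION: parameters}.
    The first line is the server greeting; each following '250-' or '250 '
    line names one extension, optionally followed by parameters."""
    extensions: Dict[str, str] = {}
    lines = response.decode("ascii", errors="replace").splitlines()
    for line in lines[1:]:
        if not line.startswith("250"):
            continue
        body = line[4:].strip()          # drop the "250-" / "250 " prefix
        if not body:
            continue
        name, _, params = body.partition(" ")
        extensions[name.upper()] = params.strip()
    return extensions


def starttls_verdict(extensions: Dict[str, str]) -> str:
    """Decide from the parsed EHLO reply whether requiring TLS can work at all."""
    return "starttls-offered" if "STARTTLS" in extensions else "starttls-not-offered"


def check_starttls(host: str, port: int = 25, timeout: float = 10.0) -> str:
    """Live check against a server you operate.  Returns one of:
       'starttls-ok'           STARTTLS advertised and the TLS handshake succeeded
       'starttls-not-offered'  server never advertised STARTTLS (requiring TLS fails)
       'handshake-failed'      advertised, but the handshake or connection broke
       'connect-failed'        TCP connect / greeting / EHLO failed"""
    context = ssl.create_default_context()   # verifies the certificate chain
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return "starttls-not-offered"
            try:
                smtp.starttls(context=context)
            except OSError:                  # ssl.SSLError, ConnectionResetError, SMTPException
                return "handshake-failed"
            smtp.ehlo()                      # re-EHLO is required after STARTTLS
            return "starttls-ok"
    except OSError:                          # smtplib.SMTPException is an OSError subclass
        return "connect-failed"


# Constructed EHLO replies, not captured from a real server.
EHLO_WITH_STARTTLS = (
    b"250-mail.example.test Hello relay.example.test\r\n"
    b"250-SIZE 10240000\r\n"
    b"250-STARTTLS\r\n"
    b"250 ENHANCEDSTATUSCODES\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    b"250-mail.example.test Hello relay.example.test\r\n"
    b"250-SIZE 10240000\r\n"
    b"250 8BITMIME\r\n"
)

if __name__ == "__main__":
    for sample in (EHLO_WITH_STARTTLS, EHLO_WITHOUT_STARTTLS):
        print(starttls_verdict(parse_ehlo(sample)))
    # Uncomment against your own mail host, e.g. the unproxied origin:
    # print(check_starttls("mail.example.test"))
```

If the live check returns `handshake-failed`, the certificate presented on port 25 is the thing to look at (Zimbra serves its own certificate there; Cloudflare's proxy never sits in front of SMTP). If it returns `starttls-not-offered`, a relay configured to require TLS will keep deferring mail no matter what the web-facing certificate looks like.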