Browsers forcing me to access using https (I no longer have SSL)

Joined
Sep 12, 2016
Messages
28
Likes
4
Degree
0
Basically I did a huge mess with my servers (also involving me trying multiple times to install lets encrypt ssl). So I had to start fresh deleted everything and starting with new servers on my vps
Due to me failing everytime with the ssl, I cannot longer get a new certificate (theres a limit of 5 certificates per week) - I have to wait 1 week to do it again, not a problem

THE PROBLEM - Can't access my site
Now when I try to go to mydomain.com, all my browsers force me to go via https (which i not longer have)
I can only get into my domain on my phone. So theres something messing only with my browsers
I have already tried this without effects: http://superuser.com/questions/565409/chrome-how-to-stop-redirect-from-http-to-https

Help would be appreciated
Thanks
 
In your config file for nginx/apache, are you forcing the redirect to HTTPS? If "ALL" of your browsers are redirecting to HTTPS, they are most likely being told to by the server. If you're on Ubuntu, the files for apache are normally located in /etc/apache2/sites-enabled and for nginx they are in /etc/nginx/sites-enabled. If this is cpanel, I have no clue because I'd rather use a DIY root canal kit than a cpanel.

Aside from the usual 301 redirects you'll see, the server could also be configured to issue a HSTS (HTTP Strict Transport Security) policy in the header after the first HTTP (unencrypted) request comes in which tells the browser to use the HTTPS connection. On Nginx, you'll see this in a line like the following:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

Here's some more info on how that works, using nginx as an example: https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
 
Thanks @SmokeTree , but my server doesn't redirect to https; it is fresh and i haven't set up ssl yet

Also I can see my site on my phone, and probably on other pcs that haven't go to the site previously, the problem is that something before forces all my browsers to use https on my site

Heres what my nginx looks atm
Code:
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        # include snippets/snakeoil.conf;
        #
        # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
        # ssl_ciphers HIGH:!aNULL:!MD5;
        # ssl_prefer_server_ciphers on;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;

Thanks

I tried installing Comodo browser and it still pushes me to https
Maybe it has something to do with my IP or the PC I have no idea

Edit: I just check, I can go to my site using http on PCs / devices that did not went to the site with previously
 
Have you tried deleting the SSL certifications from your browsers that visited the site before?
 
I just fixed it, the problem was due to my ISP
the ISP apparently also keeps cache of your visited sites and it messed with my browsers
I asked my ISP to restart my service and it fixed my issue.
Thanks again
 
Whoa that interesting, I've never heard ISPs doing that before. I'm wondering what would happen when SSLs expires or are changed before the expiration - would the ISP still keep the cached version? If so, that seems dangerous.
 
Some ISPs use Web Caching (https://en.wikipedia.org/wiki/Web_cache) and that can wreck havoc with developers especially. The reason (well, one of them) it's done is to reduce bandwidth by caching pages so they don't have to be pulled from the site every time. The expiry time for the cached pages is normally small (<= 30 mins) but only the ISP would know the time for sure. Pages accessed over HTTPS are NOT cached, as they are encrypted and the only way to do this would be with a "Man in the middle" type of attack.
 
Pages accessed over HTTPS are NOT cached, as they are encrypted and the only way to do this would be with a "Man in the middle" type of attack.
I don't think the ISP is doing an "Man in the middle" attack, but I think they are caching the actually SSL certification in this instance - and that still troubles me.
 
Yes, really frustating and rare thing. This is from the source I read before asking my ISP to restart my internet.
"Internet Service Provider Cache
In the same way that your web browser has a cache of recent web pages, your Internet Service Provider (ISP) may be doing some caching on your behalf.
In some (rare) cases, even though you are using shift-refresh to get new data from a webpage, the pages still seem to be old. This may be because your Internet Service Provider also has a cache and their cache may not be set up quite right, and they are not downloading the latest web pages.
When you encounter this problem you will have to communicatie with your ISP to fix this problem"
 
Back