Reproduction steps
- Install the common, tls and nginx roles
- Visit the default website over a TLS secured connection
Expected result
Browser warning about the self-signed certificate, but I can add an exception
Actual result
In Iceweasel (Firefox), I get a message that includes the paragraph, "This site uses HTTP Strict Transport Security (HSTS) to specify that Iceweasel only connect to it securely. As a result, it is not possible to add an exception for this certificate." The webpage cannot be displayed.
Workaround
Use the letsencrypt role to replace the tls role's self-signed certificates with ones trusted by most browsers.
Possible solution
Modify the nginx role to disable HSTS when using self-signed certificates.
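
One way to implement the check behind the possible solution, as an added example that is not part of the original report or the nginx role's code: detect whether the deployed certificate is self-signed and emit the HSTS header line only when it is not. It assumes the `openssl` CLI is installed; the function names, file names and `max-age` value are hypothetical.

```shell
#!/bin/sh
# Added example, not the nginx role's code. Requires the openssl CLI.
# Function names, file names and the max-age value are assumptions.

# Exit 0 if subject == issuer (self-issued, as self-signed certificates are),
# 1 if a different issuer signed it, 2 if the file cannot be parsed.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    issr=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$subj" = "$issr" ]
}

# Print the line to place in the nginx TLS server block for this certificate.
hsts_directive() {
    rc=0
    is_self_signed "$1" || rc=$?
    case $rc in
        0) echo '# HSTS omitted: certificate is self-signed' ;;
        1) echo 'add_header Strict-Transport-Security "max-age=31536000" always;' ;;
        *) echo "cannot parse certificate: $1" >&2; return 1 ;;
    esac
}

# Constructed sample input: one self-signed certificate and one leaf
# certificate issued by a throwaway CA, both written to directory $1.
make_demo_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=selfsigned.test" \
        -keyout "$1/selfsigned.key" -out "$1/selfsigned.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=leaf.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
hsts_directive "$demo_dir/selfsigned.pem"
hsts_directive "$demo_dir/leaf.pem"
```

The comparison treats any certificate whose issuer equals its subject as self-signed, so a root CA certificate served directly would also have the header omitted.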