Skip to main content
  1. CloudM
  2. Migrate 4
  3. Errors & Troubleshooting
  4. Errors

Error: "You cannot visit [domain] right now because the website uses HSTS"

Updated

This article explains how to resolve an issue where your browser blocks access to the local CloudM Migrate web interface due to HSTS (HTTP Strict Transport Security) settings.

 

Symptom

After making changes to the IIS Bindings for your local CloudM Migrate website, such as installing a new SSL certificate (a step often required for Box migrations), you are unable to access the web UI.

Your browser displays a security error and refuses to connect. The error message will be similar to:

You cannot visit cloudm.local right now because the website uses HSTS

Crucially, the browser does not give you an option to bypass this warning (e.g., there is no "Proceed anyway" link).

 

Cause

This issue is caused by a browser security feature called HTTP Strict Transport Security (HSTS). The process is as follows:

  1. HSTS Rule is Set: At some point, your local CloudM Migrate website (https://cloudm.local) sent an HSTS header to your browser. This header instructed your browser to only communicate with this specific domain using a secure HTTPS connection for a set period.

  2. Certificate Changes: You then changed the IIS configuration or replaced the SSL certificate. The new certificate may be self-signed or not fully trusted by your machine for cloudm.local.

  3. HSTS Blocks Connection: When you now try to access the site, your browser sees the new, untrusted certificate. Because of the stored HSTS rule, your browser is forbidden from allowing you to make an exception and "proceed anyway." It enforces a strict "no trust, no connection" policy, effectively locking you out.

 

Resolution: Removing the Domain from Your Browser's HSTS List

To regain access, you must delete the stored HSTS rule for your local domain from your browser's settings. Follow the instructions for your specific browser below.

Note: The local domain is cloudm.local in these examples, but you should use the domain name relevant to your own setup.

 

For Google Chrome & Microsoft Edge (Chromium)

  1. Open a new tab and navigate to the following internal URL:

    • For Chrome: chrome://net-internals/#hsts

    • For Edge: edge://net-internals/#hsts

  2. Scroll down to the Delete domain security policies section.

  3. In the Domain text field, enter the local domain name (e.g., cloudm.local).

  4. Click the Delete button. The domain entry should now be cleared.

 

For Mozilla Firefox

Firefox does not have a simple tool for removing a single HSTS entry. You must clear the site data from your history.

Warning: This process will remove all history, cookies, cache, and passwords associated with your local CloudM Migrate site.

  1. Close any open tabs for the CloudM Migrate website.

  2. Open your Browse history (press Ctrl + H).

  3. Find your local site (e.g., cloudm.local) in the history list.

  4. Right-click on the site and select Forget About This Site.

  5. Restart Firefox.

Accessing the Site After Clearing HSTS

After completing the steps above, close all tabs related to the site and restart your browser.

  1. Navigate back to your local CloudM Migrate website (e.g., https://cloudm.local).

  2. You will likely still see a certificate privacy error page (e.g., "Your connection is not private").

  3. However, you should now have the ability to bypass the warning. Click the Advanced button and then click the link to Proceed to cloudm.local (unsafe).

You should now be able to access the web interface again.

Was this article helpful?
0 out of 0 found this helpful