Skip to main content
  1. CloudM
  2. Migrate
  3. Errors & Troubleshooting
  4. Errors

You cannot visit [domain] right now because the website uses HSTS

Updated

This article explains how to resolve an issue where your web browser blocks access to the local CloudM Migrate Self-Hosted web interface due to HSTS (HTTP Strict Transport Security) settings. This often happens after you've updated the site's SSL certificate.

Symptoms

After changing the IIS Bindings or SSL certificate for your local CloudM Migrate website, you are unable to access the web UI. Your browser displays a security error and won't connect.

The error message will be similar to:

"You cannot visit cloudm.local right now because the website uses HSTS"

Crucially, your browser will not give you an option to bypass this warning. You won't see a "Proceed anyway" or "Accept the risk" link.

Migrate Cert Error.png

Cause

This issue is caused by a browser security feature called HTTP Strict Transport Security (HSTS). Here's a simple breakdown of what's happening:

  1. HSTS Rule is Set: At some point, your browser communicated with https://cloudm.local and received an HSTS header. This header instructed your browser to only use a secure HTTPS connection for this domain for a set period.

  2. Certificate Changes: You then changed the SSL certificate, for example, by installing a new one or using a self-signed certificate. Your browser now sees this new certificate as untrusted or invalid for cloudm.local.

  3. HSTS Blocks Connection: Because of the stored HSTS rule, your browser is forced to block the connection entirely. It enforces a strict "no trust, no connection" policy, preventing you from making an exception to proceed.

Resolution: Removing the HSTS Rule

To regain access, you must manually remove the stored HSTS rule for your local domain from your browser's settings. The instructions below cover the most common browsers.

Note: In the examples below, cloudm.local is the domain. You should replace this with your own local domain name.

Google Chrome & Microsoft Edge (Chromium)

  1. Open a new tab and navigate to the following internal URL:

    • Chrome: chrome://net-internals/#hsts

    • Edge: edge://net-internals/#hsts

  2. Scroll down to the Delete domain security policies section.

  3. In the Domain text field, enter your local domain name (e.g., cloudm.local).

  4. Click the Delete button. The domain entry should now be cleared.

Migrate Cert Error - net-internals.png

Mozilla Firefox

Firefox does not have a simple tool for removing a single HSTS entry. You must clear the site data from your history.

Warning: This process will remove all history, cookies, cache, and passwords associated with your local CloudM Migrate site.

  1. Close any open tabs for the CloudM Migrate website.

  2. Open your History (press Ctrl + H).

  3. Find your local site (e.g., cloudm.local) in the history list.

  4. Right-click on the site and select Forget About This Site.

  5. Restart Firefox.

Gaining Access After Clearing HSTS

After completing the steps above, close all tabs related to the site and restart your browser.

  1. Navigate back to your local CloudM Migrate website (e.g., https://cloudm.local).

  2. You will likely still see a certificate privacy error page (e.g., "Your connection is not private").

  3. However, you should now have the ability to bypass the warning. Click the Advanced button and then click the link to Proceed to cloudm.local (unsafe).

  4. You should now be able to access the web interface again.

Migrate Cert Error - Fixed.png

Was this article helpful?
0 out of 0 found this helpful