Hsts error when using www. on my url

Hello! I’m having trouble figuring out an error I’m having getting my website to load correctly when using www. in front of it. I tried to search for another thread describing this error but couldn’t find one, apologies if I missed it. Apologies as well if I don’t describe what’s going on well enough, I’m super new to building out a website and am past my super minimal skill level.

So I’m building a site on neocities and want to use a URL I purchased from Dreamhost. I was able to enter an A record and an AAAA record on dreamhost and my website is online with https://mywebsite.com.

I tried adding a CNAME for www.mywebsite.com, but when I go to it I get one of two errors. The first is a hsts warning saying the connection is not secure and the browser will not allow me to click through. Other times it shows the dreamhost parked site. I added a Let’s Encrypt Certificate but that doesn’t seem to have solved it. I came across something suggesting that the security certificate may itself cause this kind of problem because both dreamhost and neocities default to https.

It seems like the problem is the connection between dreamhost and neocities, but that’s as far as I can get. Any ideas?

Just to give an idea about my skill level is, I don’t really know what an A record, an AAAA record, or a CNAME is, I was just following instructions for what neocities was saying to do to get my custom domain to work. I barely understand what this hsts error is.

To use WWW in your URL, Add this to your htaccess file:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com
RewriteRule ^/(.*)$ https://www.example.com/$1 [R=301,L]

Generic Steps from HTTP to HTTPS

• Read all info at your host concerning certificates & switching to HTTPS and when applicable, follow those instructions.

• Install security certificate.

• Have your host enable HTTPS (if needed.) This will enable access from both HTTP & HTTPS allowing normal access while you test.

• Go through site, page by page & make sure all file paths are relative (no protocol.) Test by accessing site using HTTPS and look for any browser alerts.

• Edit any absolute paths to HTTPS

• Update any Plugins or APIs to HTTPS

• Install 301 redirect code in .htaccess file

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Thanks for the replies. about the .htaccess file, I’m concerned that won’t fix the problem because of this FAQ from my host neocities:

Do you support .htaccess files?

No. And we don’t intend to.
The .htaccess file is an Apache specific thing, and we don’t use Apache for our backend. In addition, we generally don’t add features to Neocities that make the functionality of sites depend on custom backend functionality.

The full explanation is on their contact page (I’d link to the full explanation but am limited on how many URLs I can post as a new member), but I’m interpreting that to mean that adding it to my URL won’t solve the problem and may create another problem?

I got a new error message today when trying to load my site, It’s not mentioning an hsts error but instead now gives me a SSL_ERROR_BAD_CERT_DOMAIN with the explanation “Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for www.mywebsite.com. The certificate is only valid for mywebsite.com.” Thoughts?

going through some of the suggestions…
• Read all info at your host concerning certificates & switching to HTTPS and when applicable, follow those instructions.
neocities is super basic and doesn’t have any of this kind of capability, switching to HTTPS or detail on certificates. The only thing I can find on both is that they use Let’s Encrypt for people with custom domains (me!) and default to HTTPS. From what I can tell just HTTP isn’t an option here.

• Install security certificate.
I’ve done that here at dreamhost, neocities does it on its own and I don’t have access to any of the back end info

• Have your host enable HTTPS (if needed.) This will enable access from both HTTP & HTTPS allowing normal access while you test.
HTTPS is the default for my host

• Go through site, page by page & make sure all file paths are relative (no protocol.) Test by accessing site using HTTPS and look for any browser alerts.
Not sure I understand what this is suggesting but there is only one page right now. I get an alert when accessing the site with HTTPS and when I try with HTTP, it redirects to HTTPS and shows the same alert. Currently it’s the SSL_ERROR_BAD_CERT_DOMAIN error mentioned above.

• Edit any absolute paths to HTTPS
there’s not too much to go through right now but there was one link that was written with HTTP and I corrected it to HTTPS

• Update any Plugins or APIs to HTTPS
I’m not aware of any plugins or APIs associated with my site on either the host or domain sides

• Install 301 redirect code in .htaccess file
I have not yet created a .htaccess file so I assume I don’t have one yet given that. I’ve read a bit about it on the dreamhost knowledge base and it feels outside my current skill level, right now I’m weighing the amount of time it’ll take to figure out (correctly) against what neocities says about .htaccess files and me thinking it won’t solve the problem

The suggestions I gave are specific to Apache. So if your host is not using Apache, then disregard.

Just because your DNS is here at DH, it has nothing to do with your hosting company’s server config.

You should really be asking your questions to others clients of your hosting company. This forum is made up of hosting clients at DreamHost. As such, we will probably not be of help.

.

I was able to get this worked out with the host, the problem was in the certificate on their end. Thanks everyone for the suggestions, it did fix a bit of code on the site even if it wasn’t causing the problem.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.