Clear HSTS settings cached in browser (Chrome, Brave, Firefox, Safari, Edge)

HSTS was created in response to an HTTPS vulnerability that was discovered by computer security researcher Moxie Marlinspike. With HSTS, a website forces browsers to open it strictly over HTTPS. This article shows how to clear HSTS entries cached in browsers, to regain access to websites that have been refreshed server-side (certificate renewed or CA changed) or whose entries are corrupted client-side.

Getting Let’s Encrypt Certificate using DNS-01 challenge with acme-dns-certbot-joohoi or acme.sh

Getting a Let’s Encrypt certificate using the DNS-01 challenge with acme-dns-certbot-joohoi or acme.sh, manually or in an automated way, using a cron job and/or DNS APIs, if available.

Configuring OCSP Stapling for Let’s Encrypt in Nginx [New Question]

A quick question, answered on Heelpbook, about “Configuring OCSP Stapling for Let’s Encrypt in Nginx”, which helps check the revocation status of a digital certificate issued by Let’s Encrypt, on Nginx.

Nginx – How to disable access (http and https) to a website using IP address [New Question]

A quick question, answered on Heelpbook, about how to “Disable access (http and https) to a website using IP address” on Linux platforms using the Nginx web/reverse proxy server. This helps force access to websites and applications through FQDNs only.

How to generate a Diffie-Hellman 4096-bit Key in less time [New Question]

A quick question, answered on Heelpbook, about “How to generate a Diffie-Hellman 4096-bit Key in less time”. This can save time when we need to generate a 4096-bit DH key on a Linux system, usually used to harden an SSL/TLS configuration for web servers, but also used for the SSH, IPSec and SMTPS protocols.