hsts Neterr_cert_common_name_invalid

Without full understanding, I had enabled HSTS on amerkhalid.com with option includeSubDomains. I had a subdomain that was used as “Custom Domain” to SmugMug site. After enabling HSTS, these subdomains started to throw NET::ERR_CERT_COMMON_NAME_INVALID.

The fix is of course simple, don’t use includeSubDomains. But that opens up your top level domain to man in middle attacks.

For now, I decided to follow the best practices and leave includeSubDomains enabled. And decided to not use custom domain for my SmugMug site.

Lastly, you can clear HSTS settings in Chrome by:

1. Enter in Address Bar chrome://net-internals/#hsts
2. Under Delete domain type your domain
3. Hit Delete button.