Host UI inaccessible "You can't visit <Hostname> right now because the website uses HSTS"
search cancel

Host UI inaccessible "You can't visit <Hostname> right now because the website uses HSTS"

book

Article ID: 417236

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

After regenerating/replacing the ESXi host certificate, the web UI is no longer accessible.

Receiving an error message similar to the following when attempting to access the ESXi host's web UI after a certificate replacement:

<HOSTNAME> uses encryption to protect your information. When Microsoft Edge tried to connect to <HOSTNAME> this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be <HOSTNAME>, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Microsoft Edge stopped the connection before any data was exchanged.

 

Environment

VMware vSphere ESXi 7.x

VMware vSphere ESXi 8.x

Cause

If a browser has stored HSTS settings for a domain and you later try to connect over a broken HTTPS connection (mis-match hostname, expired certificate, etc) you will receive an error. HSTS-related errors cannot be bypassed. This is because the browser has received explicit instructions from the browser not to allow anything but a secure connection.

Resolution

Clear the HSTS settings in the browser you are using to access the ESXi host's web ui.

Chrome

  1. Enter chrome://net-internals/#hsts in the address bar.
  2. Enter the ESXi hostname in the Domain field under Delete domain security policies.
  3. Click the Delete button.

 

Edge

  1. Enter edge://net-internals/#hsts in the address bar.
  2. Enter onsite.teramind.io in the Domain field under Delete domain security policies.
  3. Click the Delete button.

After clearing the HSTS settings from your respective browser for the affected hos, you should now be able to connect to that ESXi host's web ui successfully