vSphere Client or Host Client inaccessible and errors out with "You can't visit <Hostname> right now because the website uses HSTS"

Article ID: 417236

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • After regenerating/replacing the vCenter Server or ESXi host machine SSL certificate, the web UI for either of them is no longer accessible.

  • The error message below is seen when trying to access the UI client.

<HOSTNAME> uses encryption to protect your information. When Microsoft Edge tried to connect to <HOSTNAME> this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be <HOSTNAME>, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Microsoft Edge stopped the connection before any data was exchanged.

 

Environment

VMware vSphere ESXi 7.x
VMware vSphere ESXi 8.x
VMware vCenter Server 7.x
VMware vCenter Server 8.x

Cause

If a browser has stored HSTS settings for a domain and you later try to connect over a broken HTTPS connection (mismatched hostname, expired certificate, etc.), you will receive an error. HSTS-related errors cannot be bypassed. This is because the browser has received explicit instructions from the website not to allow anything but a secure connection.

Resolution

Clear the HSTS settings in the browser you are using to access the ESXi host's web UI.

Chrome

  1. Enter chrome://net-internals/#hsts in the address bar.
  2. Enter the ESXi/vCenter Server hostname in the Domain field under Delete domain security policies.
  3. Click the Delete button.

 

Edge

  1. Enter edge://net-internals/#hsts in the address bar.
  2. Enter the ESXi/vCenter Server hostname in the Domain field under Delete domain security policies.
  3. Click the Delete button.

After clearing the HSTS settings for the affected host in your browser, you should be able to connect to the web UI successfully.