www redirects to unsecured http site

[natebass]

When you navigate to https://www.codeforsacramento.org it redirects to http://codeforsacramento.org.

[natebass]

We can compare behavior to openbudgetsac.org, which always redirects to the naked https domain.

Open Budget Sac

✅ Redirects to https https://www.openbudgetsac.org → https://openbudgetsac.org/ ✅ Redirects to https http://openbudgetsac.org → https://openbudgetsac.org/

Code for Sacramento

✅ Supports https https://codeforsacramento.org → https://codeforsacramento.org/ ❌ Redirects to http https://www.codeforsacramento.org → http://codeforsacramento.org/ ❌ Stays on http http://codeforsacramento.org → http://codeforsacramento.org/

This is despite the fact that both use GitHub pages and they have the same settings, from what I can see. The Open Budget Sac CNAME and Code for Sacramento CNAME both list only the naked domain. The GitHub Pages settings are the same as well, only specifying the naked domain name.

[MonstersInc-sudo]

I would try this potential fix since Certbot will likely be too much work.

https://stackoverflow.com/questions/54817253/github-pages-https-www-redirect

May be as simple as refetching the cert.

[natebass]

@MonstersInc-sudo I switched the setting to www.codeforsacramento.org, waited 5 minutes, and then switched it back to codeforsacramento.org. It looks like the issue is resolved on my Windows computer.

I'm going to leave the issue open for a bit and make sure we don't see the issue on any other machines. But it looks like it is resolved!

[natebass]

I checked on multiple computers and it is no longer redirecting to unsecured site.

[natebass]

The issue persisted in Edge on Windows after it was working on Chrome and Android.

To fix this, I typed edge://net-internals/#dns in the search bar in Edge. On the resulting page, press the "Clear host cache" button.

Other possible steps include running ipconfig /flushdns in PowerShell and pressing Ctrl+F5 on the website in question.