
How to access private Webpage protected by HSTS on outdated SSL?


Unfortunately, I forgot to update the SSL certificate of my Solar Smart Logger.

I do not have SSH access to this device; the only way to configure it is through the web interface. That is why I had to upload my Let's Encrypt cert (for split-brain DNS) a few months ago via a form field.

Now, I missed updating the SSL certs, and I also did not notice that the Logger has HSTS enabled. It seems I cannot get access to the Interface anymore - including direct IP access.

Is there any other way to reach the Interface (other than resetting the complete hardware)?


Solution

  • This was easy! I really thought this wouldn't be possible.

    Here's how to do it, client side only:

    1. In Chrome, go to chrome://net-internals/#hsts
    2. In the text field below "Delete domain", type the domain name (e.g. in my case, logger.subdomain.mytld.com) and delete it
    3. Open the domain: Chrome will warn, but the button "Proceed.." is available.
    4. Update SSL cert
    5. (Enable HSTS again by adding the domain)
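
A check that flags this situation before the lockout happens, as an added example that is not part of the original answer: it compares a certificate's expiry date with how long a browser keeps the HSTS entry for the host. The function names, status labels, header value and dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def parse_hsts(header):
    """Parse a Strict-Transport-Security header value (RFC 6797, section 6.1)."""
    policy = {"max_age": None, "include_subdomains": False}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()        # directive names are case-insensitive
        value = value.strip().strip('"')   # max-age may be sent as a quoted-string
        if name == "max-age" and value.isascii() and value.isdigit():
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def lockout_risk(header, cert_not_after, last_visit, now, warn_days=30):
    """Classify a host by certificate expiry versus the browser's HSTS entry."""
    max_age = parse_hsts(header)["max_age"]
    # The browser keeps the entry for max-age seconds after the last HTTPS
    # response that carried the header; a missing or zero max-age leaves none.
    pinned_until = last_visit + timedelta(seconds=max_age) if max_age else None
    if cert_not_after <= now:
        # With a live HSTS entry the certificate warning has no click-through.
        if pinned_until is not None and pinned_until > now:
            return "LOCKED_OUT"
        return "EXPIRED_BYPASSABLE"
    if cert_not_after - now <= timedelta(days=warn_days):
        # The entry outlives the certificate: letting it expire means lockout.
        if pinned_until is not None and pinned_until > cert_not_after:
            return "RENEW_NOW"
        return "RENEW_SOON"
    return "OK"

if __name__ == "__main__":
    # Constructed sample: one-year HSTS policy, certificate expired yesterday.
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    header = "max-age=31536000; includeSubDomains"
    print(lockout_risk(header, now - timedelta(days=1),
                       now - timedelta(days=10), now))
```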