In June 2020, DotGov issued an announcement concerning HSTS and automatic preloading of .gov domains. To summarize: starting September 1, 2020, any newly issued .gov domains will only be accessible via HTTPS, and, at some point in the future, this will affect all .gov domains.
To be in compliance, all .gov domains issued after September 1st, 2020 will need to have valid SSL (TLS) certificates applied to the bindings of each .gov domain on the hosting provider’s web server. Previously issued .gov domains will also need valid certificates applied before the .gov TLD preloading occurs, at some point in the future.
What to do if you are a .gov domain owner
To prepare for any upcoming changes, you can ensure you are compliant by checking to see whether https://[yourdomainhere].gov loads on your CivicPlus website.
If this does not load, first check to ensure http loads. If http also does not load, check to see if the DNS record for the domain is pointing to the IP of your site.
If http loads but https does not, you may need to purchase an SSL certificate for the domain. Please contact your CivicPlus client success manager or account manager to get set up with an SSL certificate for the domain.
If you are currently covered by a DDoS Advanced Security package or Platinum Security package for the domain, you can contact CivicEngage Support to have HSTS enabled now, before it is enforced by the TLD preloading measures.