That's an old issue left over from a former admin who liked to use sub-domains instead of /directories just because it "looked cooler" to him, even though I told him from the beginning not to use them.
As a result, a lot of places outside of CS have links to old
http://whatever.cryptostorm.org/ pages that haven't been active since before HTTPS was forced on the forum in early 2013.
I've tried to fix as many broken links as I could find, but I'm sure there's still a bunch in the forum that I've missed.
In the fixed cases, I've converted the old
http://whatever.cryptostorm.org/ format to
whatever so that the page is accessible without any SSL errors
(So
http://pki.cryptostorm.org/ would be accessed at
pki , etc.)
As for cryptostorm.net, that's always been a simple redirect to cryptostorm.org, so anyone going to
https://cryptostorm.net/ would be doing so manually (or because of a browser addon). But that shouldn't be linked anywhere, even external to CS since there's never been a webpage on that domain.
EDIT:
As for HSTS and HPKP, the former was causing problems with a lot of browsers caching the incorrect subdomains, and most browsers don't allow you to bypass an HSTS error as you can a plain certificate error. If I remember correctly, the reason we didn't do HPKP on this website or the main cryptostorm.is one was related to those coming here using older browsers (which is often enough that it would cause issues).