SSL certificates no longer work in Google Chrome

Support
, ,
1

Bug Summary

Not sure if this is a Local bug or rather a Google Chrome bug (couldn’t find something among their bug reports), but since I upgraded to the latest version of Local, most local sites are no longer trusted in Google Chrome. It works fine with Mozilla Firefox and Microsoft Edge (which ironically is Chromium based).

Steps to reproduce

  1. Create a new site.
  2. Trust the SSL certificate of the site via the Local UI.
  3. Log into the WP admin and change the home/site URL to https.
  4. Reload the site in Google Chrome. It will be flagged and

Environment Info

Windows 11
NGINX, PHP 8.0.22, MySQL 8.0.16
Local 6.4.3+6116

Supporting info

Here’s a screenshot -

image
image1040×1142 62.1 KB

Here’s an example of the error and certificate -

NET::ERR_CERT_INVALID

Subject: aioseodev.local
Issuer: aioseodev.local
Expires on: Jan 28, 2031
Current date: Sep 29, 2022

PEM encoded chain:
-----BEGIN CERTIFICATE-----
MIIEZTCCA02gAwIBAgIJSBumt8RWac1HMA0GCSqGSIb3DQEBCwUAMIGTMRgwFgYD
VQQDEw9haW9zZW9kZXYubG9jYWwxCzAJBgNVBAYTAlhYMQswCQYDVQQIEwJYWDEW
MBQGA1UEBxMNRmFrZSBMb2NhbGl0eTEiMCAGA1UEChMZU3VwZXIgRmFrZSBDb21w
YW55LCBGYWtlLjEhMB8GA1UECxMYRmFrZSBPcmdhbml6YXRpb25hbCBVbml0MB4X
DTIxMDEyODE0MjcwMloXDTMxMDEyODE0MjcwMlowgZMxGDAWBgNVBAMTD2Fpb3Nl
b2Rldi5sb2NhbDELMAkGA1UEBhMCWFgxCzAJBgNVBAgTAlhYMRYwFAYDVQQHEw1G
YWtlIExvY2FsaXR5MSIwIAYDVQQKExlTdXBlciBGYWtlIENvbXBhbnksIEZha2Uu
MSEwHwYDVQQLExhGYWtlIE9yZ2FuaXphdGlvbmFsIFVuaXQwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDLCyhIppfRBgE0WYQ65RW7q5u5fBr3DU/TnKGs
sfWpDWZH7w05SckzgFuuHsKGAQPWy+tVsDAxgfCHvzBNW3iQkXBkT5/jxFX0Bqv1
rNxAiI3o7FWlJ1j7wodIkHv8d42IUfl0HofZob7O3LK8DHdwEsNw8/puScCM6HuS
CyPoX61YnCa06RodMORLhQZYBqwbNG3VL3r07uShhY9AE7J2DBTjhdN7nM9rk4eZ
zlvqrnsv5jtHdmfUOM1Bd3FOmD38BhWc8R/yKQqKejPBlvmeZ7EG5Ou9LQKbzSJ4
By5cUrP23tccIgQSxlsQUAtFc+JauRGZ6yiO2bSZ02INItXjAgMBAAGjgbkwgbYw
CQYDVR0TBAIwADALBgNVHQ8EBAMCAvQwOwYDVR0lBDQwMgYIKwYBBQUHAwEGCCsG
AQUFBwMCBggrBgEFBQcDAwYIKwYBBQUHAwQGCCsGAQUFBwMIMBEGCWCGSAGG+EIB
AQQEAwIA9zAdBgNVHQ4EFgQUvvUM1wh9o29gPoE40c7Mld0Ay0IwLQYDVR0RBCYw
JIIPYWlvc2VvZGV2LmxvY2FsghEqLmFpb3Nlb2Rldi5sb2NhbDANBgkqhkiG9w0B
AQsFAAOCAQEAiXuDYYf5Bbq8Y2R4AErhJP8Utnq7QL2o2rdpQj4Mdm8UN+KOXJFU
FY/6RYZyjgs9muHskycdmJYdGXKUTmmMj25l259t8EmpMlQWoELrPMD9rROF3+5t
gTASy9s5j9IZzcj4Qe3srd9A1uXuR8cLj6yKOoRjJRqi56At0k4Nj0ZmG9k0GZZK
IuOZxXp3QudjC9Mwj1brxuVKX7DZqucmEh5hy9A9VX06L7GqeV0qmK3bEgprf9MY
Tzot6AFSzM77e201V5OeHOxfedm41x7CrZrzS09zCfqRiO4WRPeWI1SxRK0KoobL
dekF7Rn3VJp5cITb5ZqXgA1kdLJSzmzm9w==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEZTCCA02gAwIBAgIJSBumt8RWac1HMA0GCSqGSIb3DQEBCwUAMIGTMRgwFgYD
VQQDEw9haW9zZW9kZXYubG9jYWwxCzAJBgNVBAYTAlhYMQswCQYDVQQIEwJYWDEW
MBQGA1UEBxMNRmFrZSBMb2NhbGl0eTEiMCAGA1UEChMZU3VwZXIgRmFrZSBDb21w
YW55LCBGYWtlLjEhMB8GA1UECxMYRmFrZSBPcmdhbml6YXRpb25hbCBVbml0MB4X
DTIxMDEyODE0MjcwMloXDTMxMDEyODE0MjcwMlowgZMxGDAWBgNVBAMTD2Fpb3Nl
b2Rldi5sb2NhbDELMAkGA1UEBhMCWFgxCzAJBgNVBAgTAlhYMRYwFAYDVQQHEw1G
YWtlIExvY2FsaXR5MSIwIAYDVQQKExlTdXBlciBGYWtlIENvbXBhbnksIEZha2Uu
MSEwHwYDVQQLExhGYWtlIE9yZ2FuaXphdGlvbmFsIFVuaXQwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDLCyhIppfRBgE0WYQ65RW7q5u5fBr3DU/TnKGs
sfWpDWZH7w05SckzgFuuHsKGAQPWy+tVsDAxgfCHvzBNW3iQkXBkT5/jxFX0Bqv1
rNxAiI3o7FWlJ1j7wodIkHv8d42IUfl0HofZob7O3LK8DHdwEsNw8/puScCM6HuS
CyPoX61YnCa06RodMORLhQZYBqwbNG3VL3r07uShhY9AE7J2DBTjhdN7nM9rk4eZ
zlvqrnsv5jtHdmfUOM1Bd3FOmD38BhWc8R/yKQqKejPBlvmeZ7EG5Ou9LQKbzSJ4
By5cUrP23tccIgQSxlsQUAtFc+JauRGZ6yiO2bSZ02INItXjAgMBAAGjgbkwgbYw
CQYDVR0TBAIwADALBgNVHQ8EBAMCAvQwOwYDVR0lBDQwMgYIKwYBBQUHAwEGCCsG
AQUFBwMCBggrBgEFBQcDAwYIKwYBBQUHAwQGCCsGAQUFBwMIMBEGCWCGSAGG+EIB
AQQEAwIA9zAdBgNVHQ4EFgQUvvUM1wh9o29gPoE40c7Mld0Ay0IwLQYDVR0RBCYw
JIIPYWlvc2VvZGV2LmxvY2FsghEqLmFpb3Nlb2Rldi5sb2NhbDANBgkqhkiG9w0B
AQsFAAOCAQEAiXuDYYf5Bbq8Y2R4AErhJP8Utnq7QL2o2rdpQj4Mdm8UN+KOXJFU
FY/6RYZyjgs9muHskycdmJYdGXKUTmmMj25l259t8EmpMlQWoELrPMD9rROF3+5t
gTASy9s5j9IZzcj4Qe3srd9A1uXuR8cLj6yKOoRjJRqi56At0k4Nj0ZmG9k0GZZK
IuOZxXp3QudjC9Mwj1brxuVKX7DZqucmEh5hy9A9VX06L7GqeV0qmK3bEgprf9MY
Tzot6AFSzM77e201V5OeHOxfedm41x7CrZrzS09zCfqRiO4WRPeWI1SxRK0KoobL
dekF7Rn3VJp5cITb5ZqXgA1kdLJSzmzm9w==
-----END CERTIFICATE-----
2

Hi @abroes! Do you have any antivirus, firewall or security applications running on your machine that could be conflicting? Or any specific browser extensions that are only running on Chrome?

We have some other troubleshooting details here: SSL in Local - Local

3

Besides Windows Defender I don’t have antivirus or firewalls running on this machine.

I went through all the steps but am still having the issue. while it works fine in Mozilla and Microsoft Edge. I think it’s a bug on Google Chrome’s end so far now I’ve just started using the thisisunsafe method to get past the block.

4

Have you tried flushing the Chrome cache? Checking for a browser update or reinstalling Chrome?

5

Hello @abroes -

I wanted to follow up here, did you try what @Nick-B suggested (flushing Google Chrome’s cache, reinstalling chrome, etc)?

Thank you!

Sam

6

Hi, I came to this forum to report the same thing - “Your connection is not private” also happening to me now as of today. In my case, I think it was working on the latest version of Local, and latest Win 11.

I do recall a Chrome tab of a few days ago indicating a new release so my hunch would be that it IS indeed something going on between Chrome and Local.

HOWEVER, I just got an update to Firefox, which I applied and tried the site there and I am getting the error “Warning: Potential Security Risk Ahead” there as well.

I wonder if Local needs to update their code somewhere for these latest browser updates?

UPDATE: I installed the new Local Beta 6.5.1 and imported the website. Clicked TRUST. Then the WP Admin button and I successfully got to the login screen. However, I tried the same thing on another site, and for that one, I still got the privacy issue. So, one got fixed not the other. Not sure why. But at least the trust status is properly displayed and sticky in this version of Local.

7

@sambrockway I tried those steps, but it’s still an issue I’m afraid. It’s rather random.

8

Personally, I’ve decided to “proceed” on the warning screen cuz I don’t have time for this crap. I then went into the site’s WP Settings - General and changed my URLs to http only in order to avoid this issue. My sites are being developed locally and only I access them so I will reinstate the HTTPS when Local rolls out a fix, or once I publish and deploy the site to the internet.

9

Same problem for me too :pensive:

Same environment, all updated to the latest version available.

The latest Google Chrome update broke something.
In fact, while before everything worked correctly, now only with Chrome the certificate does not want to work. Edge and Firefox recognize this without any problem.

Let’s hope they solve it because I only use Chrome for development and I don’t want to change browsers just for that.

10

I’m also experiencing this same issue.

Local Version 6.4.3+6116
macOS 12.6
Latest version of Chrome (Version 107.0.5304.62 (Official Build) (arm64))

This was working fine as of last week or so (maybe 2 weeks ago). Only started when I upgraded to the “manual” version of Local that I had to download/install for Mac. Any ideas?

11

Hello all -

Thank you for reporting this bug and sharing details.

For those of you who are experiencing this issue can you please provide the following information if you haven’t yet:

  • Local version
  • Operating system
  • Version of Chrome

Thank you for helping us isolate the issue,

Sam

12

Hi I have the same issue with chrom. All sites shows SSL issue :
"Your Connection is not private " with NET::ERR_CERT_INVALID

Local version 6.1.8+5621
operating system:widows 10
version of Chrom :107.0.5304.63

13

Not a single website in Chrome works for me either:
SSL certificate is invalid.
Unfortunately, even if all files are deleted from the “certs” folder and the certificate is created again.

Local version 6.5.1+6195
Operating system:windows 11
Version of Chrome:107.0.5304.88

Any solution in sight, would be important.
It is probably due to the update of Chrome, because in Edge it works

14

Same issue here in Chrome after updating to 6.5.1 this morning. Tried rolling back to 6.4.3 but still getting the issue. Tried flushing/deleting all old cookies/cache etc. and can’t get it to work again.

Confirmed that it still works in Edge.

Local version 6.5.1
Operating system: Windows 11
Version of Chrome: 107.0.5304.88 (Official Build) (64-bit)

15

I’m seeing this exact issue again on Mac Big Sur 11.6.1, Chrome Version 107.0.5304.87 (Official Build) (x86_64).

Happening on all sites, and all of a sudden. Only seems to be happening in Chrome.

17

Issue Summary

Chrome does not trust after chrome update. Even if old crt is deleted and recreated with Local
One or two sentence summary of the issue.
OSX 12.6 Version 107.0.5304.87 (Official Build) (arm64) and Local 6.4.3+6116

Troubleshooting Questions

  • Does this happen for all sites in Local, or just one in particular?
    all existing sites
  • Are you able to create a new, plain WordPress site in Local and access it in a Browser?

Replication

Describe the steps that others can take to replicate this issue. If you have screenshots that can help clarify what is happening, please include them!
Update Chrome and see the Not Secure warning page

System Details

  • Which version of Local is being used?
    Local 6.4.3+6116
  • What Operating System (OS) and OS version is being used?
    • For example: macOS Catalina or Windows 10 Professional
      OSX 12.6 Monterey
  • Attach the Local Log. See this Help Doc for instructions on how to do so:

Security Reminder

Local does a pretty good job of scrubbing private info from the logs and the errors it produces, however there’s always the possibility that something private can come through. Because these are public forums, always review the screenshots you are sharing to make sure there isn’t private info like passwords being displayed.

1 Like
18

Got same result :slight_smile:

19

Updating OpenSSL to 3.0.7 and deleting/recreating certificate worked for me
Link to another post

2 Likes
20

Hey @abroes – I took a closer look at the certificate to see what was going on, and it looks like it’s related to a bug that we fixed in an earlier version of Local: SSL Not working on Chrome with NET::ERR_CERT_INVALID

We did ship a fix with Local, but looking at the certificate you provided, it seems that’s using a cert generated on an older version of Local.

For example, if I save that certificate and examine it with openssl, I see that the CA value is set to false:

Image 2022-11-07 at 10.46.43 AM
Image 2022-11-07 at 10.46.43 AM1784×1004 240 KB

One question I have – have you used this site for a long time? For example, I think we released the fix for this back in March/April of 2022. Did you create, and trust the certificate for this site before that time?

Since it looks like you are on the latest version of Local, I think you can have Local regenerate the certificate for you by doing a couple manual steps:

  1. Navigate to where Local stores the certificates for the sites. The easiest way is to click the “Reveal Local router’s logs” from the help menu, and then click through to the cert folder
  2. Delete the key/cert pairs
  3. Quit, and re-start Local, and click the “Trust” button for each site so that Local will re-generate the missing cert and re-register it with the OS.

Here’s a screenshot to help visualize where to go on Windows:

Image 2022-11-07 at 11.33.00 AM
Image 2022-11-07 at 11.33.00 AM1920×805 108 KB

My hunch is that this site was created a while ago and was using a certificate that was generated on an earlier version of Local. @abroes – can you give that a shot and let us know how it goes?

4 Likes
21

Note that this thread is for a very specific error – the ERR_CERT_INVALID error, which will only show up under Chrome.

For others that have chimed in, can you help us verify that this is the exact same issue that you are encountering?

To help clarify things can you after trusting the certificate and manually navigating to the site (note that you’ll need to manually put the https:// in front of the url) these things are true:

  • You’re using the latest version of Chrome (107.0.5304.87 as of Nov, 7th 2022)
  • You’re on the latest version of Local (6.5.1 as of Nov, 7th 2022)
  • You have regenerated the certificates for your sites. This can be done by deleting the certificates and re-trusting them like what is outlined in the previous reply.

If you do still have issues, we’d like to be able to reproduce it! The best way for us to be able to fix something is if we have enough info to recreate the issue. In that spirit, can you help us by providing these details:

  1. What OS and version of OS are you using
  2. What version of Local is installed
  3. What version of Chrome is installed
  4. The exact error message that you are seeing in Chrome. This will often be all-caps, with underscores instead of spaces. Something like ERR_CERT_DATE_INVALID
  5. Please provide a screenshot with the error showing so that we can get a little more context of what’s going on. Ideally you have the “Advanced” messages showing so that we get a better idea of what Chrome is complaining about.

If you need help on how to get that information from Chrome, this help doc has a couple of videos that show the process of examining a certificate in Chrome: