SSL certificates no longer work in Google Chrome

@ben.turner thanks for getting back to me.

One question I have – have you used this site for a long time? For example, I think we released the fix for this back in March/April of 2022. Did you create, and trust the certificate for this site before that time?

So, this was interesting. As asked, I went to the certificates folder and deleted the relevant one. Before I deleted it, I saw that the certificate was generated in 2021. That’s remarkable since this particular site was created at the start of September 2022. I believe that I had a site with the same name some time ago and I guess Local never deleted the original certificate. So, it might be good idea in the future for Local to delete the SSL certificates whenever a site is deleted.

That being said, after deleting the certificate and generating a new one, I’m still seeing the same issue. Google doesn’t trust the certificate. I also had the issue on a few other sites that I created in the past few weeks, so this isn’t the solution I’m afraid.

Below is a ZIP file with the new certificate/key in case you’re interested:
ceritificate-and-key.zip (2.7 KB)

I’ll also respond to your other general questions below:

To help clarify things can you after trusting the certificate and manually navigating to the site (note that you’ll need to manually put the https:// in front of the url) these things are true.

The site URL in WP is set to HTTPS.

  • You’re using the latest version of Chrome (107.0.5304.87 as of Nov, 7th 2022)

Yes.

  • You’re on the latest version of Local (6.5.1 as of Nov, 7th 2022)

I’m still on 6.4.3+6116. No updates available (on Windows).

As requested, I verified that I am on the latest version of Chrome and Local (6.5.1).

I then went in and cleared all existing cert files from the certs directory, restarted Local, then re-trusted them.

This does seem to have resolved the issue. The certs are now working in Chrome for me.

For what it’s worth, all my old site certs that I removed before re-trusting were dated ~12/14/2021.

EDIT: I’m on Windows 11, in case that helps narrow the issue down.

2 Likes

Same issue as above

  1. MacOS Monterey 12.5
  2. Local 6.4.3+6116
  3. Chrome Version 107.0.5304.87 (Official Build) (x86_64)
  4. Error NET::ERR_CERT_INVALID

Hi Ben, I think this might be tied to the last OpenSSL vulnerability as this came out of nowhere today on our two devices. How I fixed it is described in this post. I have tried multiple restarts/removal/etc. without updating OpenSSL and it was all without any luck to run it via https://. All devices are running the latest macOS Ventura, latest Locals and latest Chrome/FF/Safari. I can not remember what exact message was shown there, but I think the one that is related to self-signed certs or the one the one that will be shown, when you access https:// site with proper cert.

Edit: Maybe it helped to switch (and link) from LibreSSL 3.3.6 to OpenSSL 3.0.7 as this was on all our macs before.

1 Like

Hello @kmathis,

Thank you for supplying those details! There is an additional piece of information that might help us narrow down the issue: if you don’t mind, open a terminal on your machine, run the command openssl version, and let us know what version details you get.

Here is what I get when I run it on my machine:
Screen Shot 2022-11-07 at 4.34.22 PM

We appreciate you helping us to get to the bottom of this issue!

This is great data! Thank you!

As a quick follow-up, could you help us get an additional piece of information regarding your OpenSSL version?

Open a terminal on your machine, run the command openssl version, and let us know what version details you get.

Here is what I get when I run it on my machine:
Screen Shot 2022-11-07 at 4.34.22 PM

We appreciate you helping us to get to the bottom of this issue!

I’m on Windows so that command doesn’t work in the site’s terminal - Screenshot at November 8th 2022 - 12.03.26 am@1.25x.png - Droplr

I am getting this error too, on Windows and running:

  • Windows 10 21H2(19044.2130)
  • Chrome 107.0.5304.88
  • Local 6.5.1+6195
  • Error: NET::ERR_CERT_INVALID

Local: 6.5.1+6195
macOS: 13.0
Chrome: Version 107.0.5304.87 (Official Build) (arm64)

2022-11-08 at 11.46.42

Issue Summary

The old issue is back?
After upgrade I cannot access existing local sites in either Chrome or Firefox.
Chrome blocks completely, FF allow unsafe access. All app’s are updated

Happens on most sites that were recently (2 month) updates.
Some older ones are stil OK.

Cannot create a new, plain WordPress site in Local and access it in a Browser. Same probelm

Replication

Add new site using defaults - see screenshot above.

System Details

  • Local v 6.5.1+6195 on Windows 10 Pro.

  • Attach the Local Log. See this Help Doc for instructions on how to do so:

2022/11/08 04:37:13 [warn] 17168#1652: *585 a client request body is buffered to a temporary file C:\Users\Lenovo\AppData\Roaming\Local\run\router\nginx/temp/client_body_temp/0000000001, client: 127.0.0.1, server: future.local, request: "POST /wp-admin/edit.php?post_type=acf-field-group&page=acf-tools HTTP/2.0", host: "future.local", referrer: "https://future.local/wp-admin/edit.php?post_type=acf-field-group&page=acf-tools"
2022/11/08 04:39:01 [warn] 17168#1652: *585 a client request body is buffered to a temporary file C:\Users\Lenovo\AppData\Roaming\Local\run\router\nginx/temp/client_body_temp/0000000002, client: 127.0.0.1, server: future.local, request: "POST /wp-admin/edit.php?post_type=acf-field-group&page=acf-tools HTTP/2.0", host: "future.local", referrer: "https://future.local/wp-admin/edit.php?post_type=acf-field-group&page=acf-tools"
2022/11/08 04:44:32 [warn] 17168#1652: *585 a client request body is buffered to a temporary file C:\Users\Lenovo\AppData\Roaming\Local\run\router\nginx/temp/client_body_temp/0000000003, client: 127.0.0.1, server: future.local, request: "POST /wp-admin/admin-ajax.php HTTP/2.0", host: "future.local", referrer: "https://future.local/wp-admin/post.php?post=14376&action=edit&classic-editor"
2022/11/08 04:44:34 [warn] 17168#1652: *585 a client request body is buffered to a temporary file C:\Users\Lenovo\AppData\Roaming\Local\run\router\nginx/temp/client_body_temp/0000000004, client: 127.0.0.1, server: future.local, request: "POST /wp-admin/post.php HTTP/2.0", host: "future.local", referrer: "https://future.local/wp-admin/post.php?post=14376&action=edit&classic-editor"
2022/11/08 10:52:04 [warn] 17168#1652: *585 a client request body is buffered to a temporary file C:\Users\Lenovo\AppData\Roaming\Local\run\router\nginx/temp/client_body_temp/0000000005, client: 127.0.0.1, server: future.local, request: "POST /wp-admin/edit.php?post_type=acf-field-group&page=acf-tools HTTP/2.0", host: "future.local", referrer: "https://future.local/wp-admin/edit.php?post_type=acf-field-group&page=acf-tools"
2022/11/08 10:53:34 [warn] 17168#1652: *585 a client request body is buffered to a temporary file C:\Users\Lenovo\AppData\Roaming\Local\run\router\nginx/temp/client_body_temp/0000000006, client: 127.0.0.1, server: future.local, request: "POST /wp-admin/admin-ajax.php HTTP/2.0", host: "future.local", referrer: "https://future.local/wp-admin/post.php?post=14368&action=edit&classic-editor"
2022/11/08 10:53:35 [warn] 17168#1652: *585 a client request body is buffered to a temporary file C:\Users\Lenovo\AppData\Roaming\Local\run\router\nginx/temp/client_body_temp/0000000007, client: 127.0.0.1, server: future.local, request: "POST /wp-admin/post.php HTTP/2.0", host: "future.local", referrer: "https://future.local/wp-admin/post.php?post=14368&action=edit&classic-editor"
2022/11/08 12:56:26 [crit] 17168#1652: *1242 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443
2022/11/08 12:56:26 [crit] 17168#1652: *1243 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443
2022/11/08 12:57:14 [crit] 17168#1652: *1245 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443
2022/11/08 12:57:14 [crit] 17168#1652: *1246 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443
2022/11/08 13:04:51 [crit] 17168#1652: *1251 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443
2022/11/08 13:04:51 [crit] 17168#1652: *1252 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443
2022/11/08 13:21:21 [crit] 3216#18828: *4 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443
2022/11/08 13:21:21 [crit] 3216#18828: *6 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443
2022/11/08 13:22:43 [error] 11876#8740: *63 connect() failed (10061: No connection could be made because the target machine actively refused it) while connecting to upstream, client: 127.0.0.1, server: dtoday.local, request: "GET /wp-content/uploads/2020/12/digma_bottom_bg.jpg HTTP/2.0", upstream: "http://127.0.0.1:10058/wp-content/uploads/2020/12/digma_bottom_bg.jpg", host: "dtoday.local", referrer: "https://dtnext.local/"
2022/11/08 13:23:15 [crit] 21192#3896: *3 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443
2022/11/08 13:23:15 [crit] 21192#3896: *4 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443
2022/11/08 13:24:15 [crit] 21776#21896: *8 SSL_write() failed (10053: An established connection was aborted by the software in your host machine) while sending to client, client: 127.0.0.1, server: havilon.local, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:10191/", host: "havilon.local", referrer: "https://havilon.local/"
2022/11/08 13:24:16 [crit] 21776#21896: *15 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443
2022/11/08 13:24:16 [crit] 21776#21896: *17 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443
2022/11/08 13:25:34 [crit] 7572#22728: *4 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443
2022/11/08 13:26:12 [crit] 21508#19404: *3 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443
2022/11/08 13:26:12 [crit] 21508#19404: *4 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection, client: 127.0.0.1, server: 0.0.0.0:443

Just logged in to say I’m facing the same issue here, but not on all Local sites. Just the sites I actually want to work with today :slight_smile:

Steps to Reproduce:

  1. Updated Chrome to 107.0.5304.87
  2. Opened local WP site and get cert issue.

I’ve tried to recreate the trusted certs without luck.

All sites working in FF and safari.

Thank you for the info!

1 Like

Gotcha! It might be best if we check to see if OpenSSL is installed. Could you take a look in Control Panel<Programs and see if you have anything installed that includes ‘SSL’ in the name? Thank you for your patience!

This worked! Thanks

With today’s update of Chrome to version 107.0.5304.107 you can at least open the “unsafe” backend again. The function “Continue to xyz (unsafe)” is available again.

Worked! :slight_smile:

I don’t have any SSL related apps installed on my machine.

With today’s update of Chrome to version 107.0.5304.107 you can at least open the “unsafe” backend again. The function “Continue to xyz (unsafe)” is available again.

I am able to confirm this so at least there’s a temporary stopgap for now.

I have the same issue with SSL in Chrome after upgrading to MacOS Ventura, nothing else was updated. Works fine in other browsers.

NET::ERR_CERT_INVALID

MacOS Ventura
Chrome Version 107.0.5304.110 (Official Build) (x86_64)
Local 6.5.1+6195
LibreSSL 3.3.6

The note from @abroes about the “Continue” button is not actually present for me in that version of Chrome so it’s still not working.

1 Like

Same problem here. This JUST started today for some reason (no idea why as I haven’t updated anything lately). All sites in Chrome Windows give the NET::ERR_CERT_INVALID error.

*Windows 10 Pro 21H2 (19044.2251)
*Chrome Version: 107.0.5304.107 (Official Build) (64-bit)
*Local Version: 6.4.3+6116
*Error: NET::ERR_CERT_INVALID

Following this thread, I went into the /certs folder and deleted every key/pair. Restarted Local, and trusted a site, this proceeded to create certificates for every single site even though I only trusted the one (seemed weird). Didn’t fix my problem though, still same error.

I also have been noticing lately (and don’t remember this happening previously), is everytime I click Trust, I get a Windows Notification in the corner that says “Local is requesting administrative privelages to trust a certificate” no buttons to accept or anything, just the notice.

Got it! I’m glad that you were able to find a stopgap!