SSL No longer trusted

Issue Summary

Hey everyone !
I just bought a new computer and did a fresh install of everything, including Local. So everything is up to date to the latest version. I’m running latest Ubuntu 20.

However, I have a ERR_CERT_AUTHORITY_INVALID error on all of my sites. And I cannot get rid of it. All sites are noted as “Trusted” and even exporting the certificate on Chrome and importing it in the Authority tab doesn’t work.

Usually, if trusting via Local is not enought, importing the certificate is enough to bypass the unsecure connection warning.

I’m not an expert in SSL. How can I solve this ?
Thanks a lot !

1 Like

same issue

1 Like

Hey @foleymon – are you on the latest Ubuntu as well, or a different OS?

@Vincent are you getting the same error if you create a new, plain WordPress site and generate an SSL cert that way? One other follow-up question, what version of WordPress sites are installed?

I’d love to make sure I have a good idea of how to replicate this!


In terms of the more general issue, in Local’s case, I’m guessing that the ERR_CERT_AUTHORITY_INVALID is boiling down to the browser complaining about a self-signed cert.

As browsers get more strict about the certs they accept, we (the Local team) have been toying with different ideas for how to solve this – it’s definitely not easy for all the OSes Local runs on!

Hi, thanks for your quick answers everyone !
I just tried on a brand new site instead of an imported one and it doesn’t work.
Everything is up to date : Local, my OS, WordPress, Chrome, Firefox.
Did you change how you’re handling SSLs in recent version of Local ? Because everything runs smoothly on my older computer. I was running Local v5.0.7 (Old !)

You need to make it easier to delete the certificates, refresh them, and re-trust them. That is it. Linux users are able to solve these problems themselves if we are given the tools to take the actions we need.

Hunting through logs to find the cert location, deleting it, and then having to manually locate the cert again and re-trust it because the GUI element that lets you trust a certificate thinks it is trusted when it is not, is unfortunately not very sustainable.

It should be possible for a user to untrust, disable, remove, and then regenerate and re-trust certificates. That way you aren’t talking about “how do we prevent errors in Linux” (not happening), you’re talking about “how can we make it easy for users to ‘refresh’ this state and fix the problem themselves.”

8 Likes

Hi Ben-
I’m still having that issue. Sorry to the delay in getting back to you.
Here’s what I’m running.
Latest version of wordpress. This error was after several days of working fine before the initial and persistent warning.

5.4.0-48-generic #52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

I’m having the same problem, did anyone get an answer to this issue yet, I’ve just started using local so im not very familiar with this issue.

Remove the router/ directory and restart Local to clear out the SSL certificates:

rm -rf ~/.config/Local/run/router/

In Chrome, do NOT try to get the certificate to work - when you get the SSL warning, click Advanced > Proceed to this site (unsafe) and Chrome will add a security exception and mark the HTTPS lock red and so on.

For whatever reason, trying to get certificates to work will break the site completely, and Chrome will say “this site sent scrambled credentials” and refuse to load the page. Just follow the instructions above to add a security exception and ignore the invalid SSL certificate, do not bother trying to get it to work.

1 Like

Hi, thanks for your tip.
I understand the answer, but I’m trying to get them to work, not ignore the warning.
I used to need to add them to the list of trusted Authorities in Chrome, and everything worked fine.
Now that doesn’t work anymore.
I wonder why.

Any news on this? I’ve just set up a new machine running macOS Big Sur, installed Local, moved my sites across, and am getting “Not Secure” on my sites which were working as expected over https previously on Mojave. Certificates are trusted, and I am running all the same software with the exception of the OS.

1 Like

I just got the same issue on windows 10, freshly installed newest local. I pulled site from flywheel, and I can’t open it at all - it says ERR_CERT_AUTHORITY_INVALID, and in Edge there is not even a “open anyway, I know the risk” button, so I can’t work in Edge where all my tools are. Chrome opens it without problems though.

Same for me on a fresh install of Big Sur 11.2.1

Would be great if we could get a comment, even just an acknowledgement, from Flywheel support.

Is there are any news on this?
Or could you at least tell us how to get our sites to work without https and use plain http?

Any help that points me in the right direction would be great because atm I can not do my job :frowning:

1 Like

just found out that if I delete the site and its files to recreate it…
It has somehow remembered that it’s a trusted certificate…

So does that mean that even if we delete a site, it doesn’t get complete deleted? :frowning:

In this case, if you are wanting to proceed without ignoring the warning, you’ll need to buy and install a certificate from a trusted authority.

Due to the way that browsers are getting more strict about the kinds of certificates they accept, Local won’t be able to trust SSL in the way that it has traditionally.

There hasn’t been work done on this in favor of other bugs and features that have come up.

You’re right that this is still an issue. As mentioned earlier, this is due to browsers becoming more strict about the kind of certificate that they accept. The connection to the Local site is secure and the same that it’s always been and we’re exploring other ways of making this workflow better.

When Local runs the “Trust SSL” functionality, it basically registers the certificate with the computer’s keychain. It sounds like deleting the site doesn’t delete the entry that was registered.

What’s probably happening is creating the new site with the same name within Local is just re-creating the certificate where the entry is expecting it to be.

What’s odd is, Local is working fine on my other machine running Big Sur 11.2.1. I got a new machine and none of the SSLs are working anymore with a fresh install of Local (5.9.8+5191 on both machines). It seems, if it was a browser issue, it would be consistent across both of my machines running the latest version of macOS and the latest version of Chrome/FF/Safari.

1 Like

@redbranchmedia – can you try the solution in this forum topic:

For a more visual walkthrough of the process, this help doc should point you in the right direction:

2 Likes

Success!! So glad to have this fixed. Thank you!

1 Like

I suspect the SSL issues could be due to the fact that Chrome (and chromium based browsers) now limit the the validity of SSL certificates to one year where as Local issues 10 year certs. https://www.certisur.com/en/google-chrome-limits-the-validity-of-ssl-certificates-to-one-year/

How would I go about reducing the time for which a self-signed cert is valid?