Issue Summary

As of yesterday (Oct 28), all LOCAL sites that have a TRUSTED certificate are no longer working in Google Chrome. All non-SSL LOCAL sites are working fine. Working fine in both Safari and Firefox

System Details

• Which version of Local is being used?

6.1.5

• What Operating System (OS) and OS version is being used?

Big Sur - 11.6

• Attach the Local Log. See this Community Forum post for instructions on how to do so:

local-lightning.log (623.8 KB)

Security Reminder

Local does a pretty good job of scrubbing private info from the logs and the errors it produces, however there’s always the possibility that something private can come through. Because these are public forums, always review the screenshots you are sharing to make sure there isn’t private info like passwords being displayed.

Seeing this as well, It doesn’t matter which browser. It is also impacting if you are making any SoapClient connections as well. Even if you have ssl_verify to 0 it still is failing due to an expired cert

I also am seeing this and Chrome isn’t being helpful and telling me exactly why it doesn’t like the certificate anymore.

Creating a new site and trusting that certificate seems to work.

I also tried deleting the old certificate in Keychain, restarting Local and then clicking the “trust” button again to generate a new certificate and finally trust that new certificate in Keychain again.

We have the same issue in Chrome Version 95.0.4638.54 on MacOS 11.4

As a temporary workaround you can type thisisunsafe to skip the error message.

I attempted deleting and re-trusting the certificate in LOCAL. As well as restarting computer, Chrome, etc. No dice.

Same issue here. Affects all browsers (Chrome, Firefox and Edge) on a mac. Cleared Keychain and added it again, but it’s a no go.

System Details

• Which version of Local is being used?

6.1.5

• What Operating System (OS) and OS version is being used?

Big Sur - 11.6.1

• Attach the Local Log. See this Community Forum post for instructions on how to do so:
  local-lightning.log (5.7 KB)

It’s interesting to me that I can’t replicate this on a new, plain WordPress site in Local.

@woda @richarddavis – what is the specific error that the browser is giving you for why it’s not accepting the certificate?

@richarddavis – is the error the same for each browser?

Do you get the same error when creating a new, plain WordPress site and trust the certificate that way?

One thing that does come to mind is that maybe there’s an HSTS header being added for the specific site that you’re working on?

For the site(s) that are having issues, are there any plugins that might be trying to optimize things or make WP more secure?

I’m thinking something like a caching plugin, or maybe something that tries to automatically configure SSL for the site.

Let me clarify what’s going on for me. I am the one who started this thread.

1. I have over 50 local flywheel sites and I’ve been using this process for building sites for years now. This problem began very suddenly the other day. No software changes that I’m aware of, unless there was a Chrome update I missed.

2. It is ONLY happening in Chrome. I’ve tried clearing the cache and using incognito windows.

3. It is ONLY happening for sites that I have pulled from Flywheel that are secure and therefore use “https” locally. Any site that doesn’t yet have SSL on Flywheel is working fine. Any new LOCAL site is fine IN CHROME. It’s AFTER interacting with FLYWHEEL hosting that things go off the rails.

4. I have restarted everything several times just to be sure.

Here is the error. pna.local is just one of the sites I’m using as this example.

Your connection is not private

Attackers might be trying to steal your information from pna.local (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_INVALID

To get Chrome’s highest level of security, turn on enhanced protection

ReloadHide advanced

pna.local normally uses encryption to protect your information. When Chrome tried to connect to pna.local this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be pna.local, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.

You cannot visit pna.local right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.

I am also experiencing this issue, same error as @razorbraille described above.

This is a really good piece of feedback, thank you for calling it out! Let me see if I can zero in on anything related to this!

One last thing. I think this started when the latest LOCAL update happened (release Oct 14). Looking back it was very recently - maybe in the last week - that I go prompted that there was a new version of LOCAL. It might have been the day this started.

Sorry - last thing. Just to be super clear. Safari and Firefox are 100% fine. Full HTTPS, padlock, etc.

@ben.turner “Your connection is not private”/ Not Secure as the certificate is not valid.

• Same message in all browsers
• All 12 local sites that were working before now all have the same error
• Same error creating a new site (clean / plain WordPress site) with the certificate trusted in local and Keychain.

@ben.turner

123.local.cer.zip (1.3 KB)
Terminal Saved Output.log (8.3 KB)

Screenshot 2021-11-02 at 9.08.04 PM1640×1472 160 KB

Screenshot 2021-11-02 at 9.08.34 PM1654×1470 160 KB

Thanks for providing that example certificate! I still have to check on a few things, but I wonder if somehow, the cert is being corrupted when generating that certificate?

I was able to resolve it with an updated ca-bundle that is rolling out in 5.9

https://core.trac.wordpress.org/browser/trunk/src/wp-includes/certificates/ca-bundle.crt?rev=51883

replace your local ca-bundle with this one

Any update on this? I tried fooling with the ca-bundle that @aware posted above but couldn’t get it to work.

Any update on this would be greatly appreciated. It’s no small thing.

Is the plan that we wait until 5.9 is released

Same problem here, I can only get Local working in Safari but it runs extremely slow…

The issue is only for Flywheel sites with SSL, any local PHP dev works fine.

Any update on this? Thanks!