Trust SSL certificates in 6.3.1

Since upgrading to Local 6.3.1 and macOS Monterey 12.3 I get error messages all the time that certificates aren’t trusted for any websites. I have restarted and cleared cache and also deleted the old certificates both from Keychain Access and in certs folder nested in Application Support to recreate new certificates and then trust them again in Local and Keychain Access. The certificates are trusted when you inspect them in Safari but Local continues to display the banner.

website2078×1400 170 KB

certificate2078×1620 278 KB

[Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them.","timestamp":"2022-03-16T15:00:29.816Z"}
[Note] Skipping generation of SSL certificates as certificate files are present in data directory.","timestamp":"2022-03-16T15:00:29.817Z"}
[Warning] CA certificate ca.pem is self signed.","timestamp":"2022-03-16T15:00:29.817Z"}
[Note] Skipping generation of RSA key pair as key files are present in data directory.","timestamp":"2022-03-16T15:00:29.817Z"}

Just re-installed 6.3.0 and SSL certificates are now trusted in Local for all websites without any other changes.

website2078×1400 151 KB

Ping @ben.turner and @austinwendt Any idea what’s going on and why SSL certificates not are trusted in Local 6.3.1?

This is happening with me too.

Same for me. I had to go back to 6.3.0.

Please fix the strange behavior with SSL certificates from Local once and for all.

I thought that you have to go into the mac keychain for each new site you create and manually trust the certificate there was only meant as a temporary solution, right? Are you still working on an alternative?

Or at least give us the possibility to use our own certificates. mkcert (https://github.com/FiloSottile/mkcert) for example is a working solution with which I never had problems. But you can’t use it in connection with Local.

Is Local even maintained any longer and by whom or do we have to go back to MAMP Pro or Docker for any local development? We have started to use DigitalOcean and SpinupWP together with WP Migrate Pro plugin due to lack of support for recent PHP versions.

Hi @emmtre - apologies as I was out of the office and missed your ping earlier in the thread.

We are looking into this issue this morning. Just to make sure I understand - functionally, there is no issue with the site or the SSL, just the Local UI showing the site as untrusted? I haven’t been able to reproduce on my end, but I’ll keep trying.

Can you share your full Local log file when you get a chance?

Thanks,
Austin

@emmtre @electricarts @CraigP – In addition to clarifying if this is only the Local UI that is broken, or that the actual certificates are invalid, can provide the Local Logs? You can get a zip of those logs by clicking the “Download Local Log” button from the “Support” tab of Local. See this help doc for more info about that button:

• https://localwp.com/help-docs/troubleshooting/retrieving-locals-log-file/#download-local-logs

Hi @austinwendt no problem. Yes that’s correct. Local 6.3.1 is showing all sites as untrusted but no other issues. Unfortunately I deleted all logs when I re-installed 6.3.0. The only SSL related is what I posted above.

[Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them.","timestamp":"2022-03-16T15:00:29.816Z"}
[Note] Skipping generation of SSL certificates as certificate files are present in data directory.","timestamp":"2022-03-16T15:00:29.817Z"}
[Warning] CA certificate ca.pem is self signed.","timestamp":"2022-03-16T15:00:29.817Z"}
[Note] Skipping generation of RSA key pair as key files are present in data directory.","timestamp":"2022-03-16T15:00:29.817Z"}

website2078×1400 185 KB

Hi @ben.turner Unfortunately I deleted all logs when I re-installed 6.3.0. The only SSL related I found in the logs is what I posted above. All certificates are valid as you can see in my first post. They are displayed as trusted in Local UI version 6.3.0 but not 6.3.1.

[Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them.","timestamp":"2022-03-16T15:00:29.816Z"}
[Note] Skipping generation of SSL certificates as certificate files are present in data directory.","timestamp":"2022-03-16T15:00:29.817Z"}
[Warning] CA certificate ca.pem is self signed.","timestamp":"2022-03-16T15:00:29.817Z"}
[Note] Skipping generation of RSA key pair as key files are present in data directory.","timestamp":"2022-03-16T15:00:29.817Z"}

certificate2078×1620 278 KB

Me and a coworker both had the same issue. I’m running macOS 12.3 and up until an hour ago I was running Local 6.3.1. Downgrading to 6.3.0 fixed the SSL trust issue. Not sure if it’s related, but I also encountered issues setting/trusting the Site Domain. I tried changing the name to an existing site to force it to try and trust the SSL, and noticed the new URL wasn’t being added to my system hosts file.

Thanks @emmtre and @cdharrison, that is helpful! We’ve been able to reproduce on our end by forcing the site through these steps:

1. Create a new site
2. Trust the Certificate
3. Open site shell and update to https: wp search-replace ' http://example.local ' ' https://example.local '
4. See the banner by clicking to a different site and back to the original site (this “refreshes” the UI state)

We’re still not clear on what is making it happen, but it is good that we can reproduce consistently. We’re adding some details to a ticket and adding it to our backlog for the engineering team to dig into.

The good news is the SSL is working in the meantime. We’re wrapping up a couple of feature tickets right now and will pull this bug in for one of our next-ups. I’ll make sure to come back here as soon as we know more and/or have a resolution.

Thanks,
Austin

Thanx @austinwendt for the update!

Thank you for keeping us informed.

Could this also be why i’m getting these errors?
Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in …

I’ve tried reverting back to an older version of local but same problem.

This is monterey 12.3

Issue Summary

CleanShot 2022-04-05 at 10.43.01@2x2900×1520 292 KB

I’ve trusted the affwp-dev.test certificate fully in Keychain, but it still does not show up as Trusted in Local.

Troubleshooting Questions

• Does this happen for all sites in Local, or just one in particular?
  All

• Are you able to create a new, plain WordPress site in Local and access it in a Browser?
  Yes, e.g.:

CleanShot 2022-04-05 at 10.46.07@2x2660×1570 327 KB

Replication

Create/Trust certificate created in Local in Keychain, refresh Local (even restart), still says it’s not trusted.

System Details

• Which version of Local is being used?
  6.3.1+5826

• What Operating System (OS) and OS version is being used?
  

  

  CleanShot 2022-04-05 at 10.47.03@2x1396×850 79.3 KB

• Attach the Local Log. See this Help Doc for instructions on how to do so:
  logs.zip (3.0 KB)

Security Reminder

Local does a pretty good job of scrubbing private info from the logs and the errors it produces, however there’s always the possibility that something private can come through. Because these are public forums, always review the screenshots you are sharing to make sure there isn’t private info like passwords being displayed.

CleanShot 2022-04-05 at 10.49.37@2x2182×1228 136 KB

Note, the actual site is secure!

CleanShot 2022-04-05 at 10.54.09@2x2836×1824 398 KB

Tried re-download of .app and re-install still same issue.

Hi @aubreypwd - I merged your thread on the issue here to a larger discussion. The engineers are taking a look at this one and we’ve got a ticket in our tracking system for this one. TL;DR above is we’ve found solid repro steps and are working on a fix!

@davidga those errors look unrelated. If you’d like to make a post including your Local logs, I can try taking a look. At first glance (without being able to see more of the logs), it seems like it is permissions related somehow.