Trust SSL certificates in 6.3.1

Hi @emmtre - apologies as I was out of the office and missed your ping earlier in the thread.

We are looking into this issue this morning. Just to make sure I understand - functionally, there is no issue with the site or the SSL, just the Local UI showing the site as untrusted? I haven’t been able to reproduce on my end, but I’ll keep trying.

Can you share your full Local log file when you get a chance?

Thanks,
Austin

1 Like

@emmtre @electricarts @CraigP – In addition to clarifying if this is only the Local UI that is broken, or that the actual certificates are invalid, can provide the Local Logs? You can get a zip of those logs by clicking the “Download Local Log” button from the “Support” tab of Local. See this help doc for more info about that button:

Hi @austinwendt no problem. Yes that’s correct. Local 6.3.1 is showing all sites as untrusted but no other issues. Unfortunately I deleted all logs when I re-installed 6.3.0. The only SSL related is what I posted above.

[Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them.","timestamp":"2022-03-16T15:00:29.816Z"}
[Note] Skipping generation of SSL certificates as certificate files are present in data directory.","timestamp":"2022-03-16T15:00:29.817Z"}
[Warning] CA certificate ca.pem is self signed.","timestamp":"2022-03-16T15:00:29.817Z"}
[Note] Skipping generation of RSA key pair as key files are present in data directory.","timestamp":"2022-03-16T15:00:29.817Z"}

Hi @ben.turner Unfortunately I deleted all logs when I re-installed 6.3.0. The only SSL related I found in the logs is what I posted above. All certificates are valid as you can see in my first post. They are displayed as trusted in Local UI version 6.3.0 but not 6.3.1.

[Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them.","timestamp":"2022-03-16T15:00:29.816Z"}
[Note] Skipping generation of SSL certificates as certificate files are present in data directory.","timestamp":"2022-03-16T15:00:29.817Z"}
[Warning] CA certificate ca.pem is self signed.","timestamp":"2022-03-16T15:00:29.817Z"}
[Note] Skipping generation of RSA key pair as key files are present in data directory.","timestamp":"2022-03-16T15:00:29.817Z"}

Me and a coworker both had the same issue. I’m running macOS 12.3 and up until an hour ago I was running Local 6.3.1. Downgrading to 6.3.0 fixed the SSL trust issue. Not sure if it’s related, but I also encountered issues setting/trusting the Site Domain. I tried changing the name to an existing site to force it to try and trust the SSL, and noticed the new URL wasn’t being added to my system hosts file.

Thanks @emmtre and @cdharrison, that is helpful! We’ve been able to reproduce on our end by forcing the site through these steps:

  1. Create a new site
  2. Trust the Certificate
  3. Open site shell and update to https: wp search-replace ' http://example.local ' ' https://example.local '
  4. See the banner by clicking to a different site and back to the original site (this “refreshes” the UI state)

We’re still not clear on what is making it happen, but it is good that we can reproduce consistently. We’re adding some details to a ticket and adding it to our backlog for the engineering team to dig into.

The good news is the SSL is working in the meantime. We’re wrapping up a couple of feature tickets right now and will pull this bug in for one of our next-ups. I’ll make sure to come back here as soon as we know more and/or have a resolution.

Thanks,
Austin

1 Like

Thanx @austinwendt for the update!

1 Like

Thank you for keeping us informed.

Could this also be why i’m getting these errors?
Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in …

I’ve tried reverting back to an older version of local but same problem.

This is monterey 12.3

Issue Summary

I’ve trusted the affwp-dev.test certificate fully in Keychain, but it still does not show up as Trusted in Local.

Troubleshooting Questions

  • Does this happen for all sites in Local, or just one in particular?
    All

  • Are you able to create a new, plain WordPress site in Local and access it in a Browser?
    Yes, e.g.:

Replication

Create/Trust certificate created in Local in Keychain, refresh Local (even restart), still says it’s not trusted.

System Details

Security Reminder

Local does a pretty good job of scrubbing private info from the logs and the errors it produces, however there’s always the possibility that something private can come through. Because these are public forums, always review the screenshots you are sharing to make sure there isn’t private info like passwords being displayed.

Note, the actual site is secure!

Tried re-download of .app and re-install still same issue.

Hi @aubreypwd - I merged your thread on the issue here to a larger discussion. The engineers are taking a look at this one and we’ve got a ticket in our tracking system for this one. TL;DR above is we’ve found solid repro steps and are working on a fix!

@davidga those errors look unrelated. If you’d like to make a post including your Local logs, I can try taking a look. At first glance (without being able to see more of the logs), it seems like it is permissions related somehow.

1 Like

Hey @emmtre ,

Does not belong in this thread here, but I would be interested in the experience with WP Migrate. I use Spinup WP with two servers and could also get used to it for development.

So far I use Wordmove (https://github.com/welaika/wordmove) for synchronization. Unfortunately, because it’s Ruby based, it always requires a local installation to be involved as a middleman. I’ve been on the verge of buying WP Migrate many times, but I’d love to hear about any experiences with it (gladly in a PM).

I ran local application as administrator on Windows and it worked okay with 6.31 was after having the same problem with previous versions. So perhaps the batch file that runs the “Trust certificate” script is being blocked by anti-virus or window defender? Sorry I don’t know enough to suggest anything better.

I’m having issues trusting my SSL within macOS Monterey. I’ve tried following the steps detailed here (https://localwp.com/help-docs/ssl/managing-local-sites-ssl-certificate-in-macos/) and am able to trust the site, but it does not transfer into Local. I continue to get a ‘Heads Up. We ran into an issue trusting the Local SSL certificate’ error even though I’ve adjusted to ‘Always Trust’ in my Keychain Access.

2 Likes

I haven’t seen a fix yet, but appears to be a similar issue as what’s discussed in this thread.

I’m getting this issue now too.

Start new site and can’t Trust the SSL

same here :frowning_face: only in Firefox

Hi all - I am going to merge this topic with the larger thread on the issue so that we can keep discussion in the same place. Still working on this one!

1 Like