I’m having trouble running my local DevKinsta store with SSL enabled. This is on an Ubuntu 22.04 machine.
At first, I was unable to toggle the “HTTPS” switch; it would say “SSL update failed”. By searching through the community, I did discover a workaround to this problem. The issue was that I had no “~/.mozilla/firefox/” directory. Creating this directory by hand, then toggling the switch, worked. Everything was working great, until…
… some time later (either a few hours or next day), I tried to open the site in Chrome, and received a “NET:ERR_CERT_INVALID” error. Unlike most such errors from Chrome, I don’t have the option to click “Advanced” and then select “Proceed anyways”. I am stuck on the error screen and cannot access the store. The message says: “You cannot visit local-store.example.com right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.”
I have tried toggling the HTTPS switch, and have tried turning the store off and on again. I did confirm that I can still access the site from other browsers, including firefox and curl. But Chrome appears to be stuck.
I had this similar issue in the past on the same Ubuntu 22.04 machine and shared a workaround in another thread here (that’s for the SSL/HTTPS issue related to “.mozilla/firefox” ),
and bellow that thread I also shared a solution related to the “NET::ERR_CERT_INVALID” error in the Chrome browser only (which seemed to happen on Chrome browser above version 111.0.5563.146-1 - and it’s not something that DevKinsta could control though) - while the HTTPS/SSL for the local sites worked fine on other browsers (like FireFox, even for the current/newest FireFox browser version).
You may want to check my previous replies there and see if that would help you too hopefully!
Thanks for the response! I should have stated at the outset that I had already seen your other thread. But there are a couple of reasons why I didn’t pursue your workaround:
My situation sounded a bit different from yours, in that yours seemed to be caused by a Chrome upgrade. I can confirm that no upgrade occurred between when my cert was working, and when it wasn’t. I had it working just fine in Chrome, and then a few hours later, it stopped working, with no change in-between.
Downgrading Chrome is just not a viable option. Disconnecting from receiving auto-updates is a bad security posture and is not sustainable as a real solution. It works OK for a one-time hack/workaround, but not long-term. There needs to be a way to access my DevKinsta store using the latest versions of Chrome.
So one of the best solutions I found (and probably there is) would be to generate your own Certificate Authority (CA) and a signed certificate for your .local domain than authorize it in your chrome.
NOTE: BE SURE TO REPLACE yourdomain.local WITH YOUR ACTUAL DOMAIN
After I posted this, a teammate pointed out that Chrome has a hidden feature where you can key in “thisisunsafe” while focused on the ERR_CERT_INVALID page, and it will allow you to proceed.
Obviously we would never use this in a real environment, but I found this acceptable for our development/local systems as a workaround. So that’s what we’re doing for now.
Good idea about the local CA though; that’s definitely a more “correct” fix.
Though I am curious what the difference is between Chrome and the other browsers, in terms of considering the DevKinsta cert to be valid or not. It seems like the “best” fix is for DevKinsta to figure that out, and adjust their cert creation.
We recently migrated to Kinsta, with one of the drawing factors being DevKinsta, but since day one I’ve been plagued by this issue.
The “solution” is really not a solution at all, as our IT dept manages our Chrome version, to keep it in line with security patches, we’re therefore unable to downgrade.
Kinsta need to fix this issue properly, rather than providing a workaround and calling it a solution.
From what I can see, this has been around as an issue for some time now, which isn’t particularly promising.