Why is the certificate generated by Laravel Valet no longer valid in chrome?

Asked 1/6, 2017 at 9:3 Answered 2/11, 2022 at 17:0

I've recently updated Chrome to Version 58.0.3029.110 (64-bit). Since updating all of my development sites secured with valet are throwing a ⚠ Not Secure warning in the browser bar and I'm having to manually add exceptions for development sites.

Things I've tried.

valet forget site && valet link site && valet secure site
valet stop && valet uninstall && valet install

Forgetting the site via valet command and recreating and securing it. worked as expected and does serve the site over http:// so I'm fairly confident nginx and dnsmasq are working together properly.

Uninstalling and Reinstalling valet before recreating the site links and securing them also hasn't had the desired result.

I'm a little bit stuck for ideas of what else to try. And it's not being reported as far as I can tell by other users of Valet so I'm guessing it's something localised to my machine.

With additional debugging insight gained from the comments (Thanks for the info)

It appears the certificate is for wordpress.dev but is being served for any-site.dev?

Attackers might be trying to steal your information from dash.reviews.dev (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
Subject: *.wordpress.dev
Issuer: *.wordpress.dev
Expires on: May 30, 2018
Current date: Jun 1, 2017
PEM encoded chain:
-----BEGIN CERTIFICATE-----
MIIC/DCCAeSgAwIBAgIJALNqUY/m3QBNMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
BAMMDyoud29yZHByZXNzLmRldjAeFw0xNzA1MzAxMTE2MjZaFw0xODA1MzAxMTE2
MjZaMBoxGDAWBgNVBAMMDyoud29yZHByZXNzLmRldjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBANrWsRS8opaiZn9VBLHCJFqhqe7ZzFCN4YZNKwV+rJMi
3STA3gJEUA8t+bLbLUaXjkUhiyq6TpJp6tKW6AY11iUDCjKCbE5CwOB3sIJAvy/G
w6O/ID3ViYMbqm9pJbnEmlHZP8cizBqfyZy8QZCIrAllc/CdfuxR7dCnXSaw+BkY
fzCUUwMO0O/TmhLEOnqugOkRCx6bNEyN2Jgu/Ll1gHedAZ3BZPifLPpt9tHdkiaU
qdhUQR2s0zig7Pg5NqH7V90q3rRTSWwc2fnu7MxtNyHnjD5kKairmFR+4IEFTHaa
6nODNviwjcV+GaMWwHB/qlLkDceSaM/EH/dDu7lpSD0CAwEAAaNFMEMwCQYDVR0T
BAIwADALBgNVHQ8EBAMCBeAwKQYDVR0RBCIwIIINd29yZHByZXNzLmRldoIPKi53
b3JkcHJlc3MuZGV2MA0GCSqGSIb3DQEBCwUAA4IBAQC/sEY14ES/6A8uIoqUGj1S
f0PHY1atc6XJrvs28+HMRlCS/xEGdeZpGV4F4/XYWJWKqVp0MsKzLUGjMOvvwH53
TtnW88HFQMecjAeSg1k2jT/ZBgFwUhTV1PA5XA00jBMH8oIcTYy0vm+MjCNalRDW
sfsIl91pR8MtFlEp0TV+MbewG4ak8bHzaN0vcO4gMYlUTaq3LmgfYWsdUhIKk3ZE
/pLH3gVmQitPZXTiwKA83msbDGlDBimE3n8QCcJIVBZJf6tOvE3eemBMIbNoucb3
25/7FQw8WwV7Nzo1HF7jLsLYNB49OriDrOW9hk2qUfOzbsdq8UUcFitdAvXzfjCs
-----END CERTIFICATE-----

I've used valet forget wordpress and manually removed wordpress symlink as this didn't seem to do anything but suspect the nginx config needs to be rewritten and am not sure where / how to do this or why I should need to if valet is working correctly?

Flaccid answered 1/6, 2017 at 9:3 Comment(5)

If you read the screen, you should see a NET::ERR_... text. There should also be an "Advanced options" link. – Erdda 1/6, 2017 at 9:13

@ÁlvaroGonzález - updated - seems its serving a single cert for all linked domains ? – Flaccid 1/6, 2017 at 11:0

I can't help you with nginx because I've never used it but NET::ERR_CERT_COMMON_NAME_INVALID means that the site is not using any of the domain names the cert was issued for. It doesn't feel like an error in the PHP side but, as I said, I'm not familiar with your stack. – Erdda 1/6, 2017 at 11:13

For people using valet park and encounter this issue. Check out ~/.valet/Certificates and see if there's project-folder-name.conf and project-folder-name.crt . If not, go to that project folder then run valet secure again works for me. – Homerus 4/7, 2018 at 13:4

Probably HSTS will play into here as well by now. Remember Google has the TLD ".dev" reserved. Chrome ships with rules to not accept other certs. – Kidnap 5/9, 2018 at 10:42

So valet forget only works with parked directories

I'm using valet link and having removed the symlinks the residual conf files were still in place.

Even after valet uninstall it didn't remove ~/.valet which was full of old site certificates.

I'm guessing there was some conflict in which one to serve and the one it chose was invalid for the current domain.

About to do a full removal and reinstall all the dependencies in the hope that sorts things. If it does I'll accept this answer, if not I'll update.

Jheeze!

Valet does not uninstall / re-install well at all.

Flaccid answered 1/6, 2017 at 11:22 Comment(0)

I found some success in doing these steps:

valet unsecure my-site-name for all my secured sites
Make sure that the certificates were deleted from ~/.config/valet/Certificates/
Remove ~/.config/valet/CA/ to force valet to regenerate its own stuff.

I noticed those CA files were almost four years old. Not sure if that matters.

When I then tried to run valet secure my-site-name, Nginx complained of some issues which I had to fix manually in some files from ~/.config/valet/Sites/. It's almost as though something in valet got out of sync somehow. I did find some files for local sites I thought I had gotten rid of.

Once I had deleted / fixed all that, I was once again able to valet secure stuff, and my secured sites were once again trusted by Chrome. (I'm on Chrome 107 as I write this.)

Investigation answered 2/11, 2022 at 17:0 Comment(2)

Deleting the certificates from ~/.config/valet/Certificates/ and re-generating them solved this for me finally, thank you. – Aloha 6/11, 2022 at 19:31

Deleting the CA files in ~/config/valet/CA does seem to force Valet to create them new. New certs based on that seem to work again. But there seems no option to "auto-re-generate all existing certs"? I have a couple of projects and can't pick them one by one .... – Grim 10/11, 2022 at 15:48

open the directory you want to link do valet park valet link valet secure

Environment answered 12/4, 2019 at 19:28 Comment(0)

Jheeze!

Recommended topics

Hot tags