All of a sudden I seem to have an issue with Google Chrome using localhost. I'm trying to access any of my development sites (using Ampps) and I get the following error:- <blockquote> Your connection is not private Attackers might be trying to steal your information from website.dev (for example, passwords, messages or credit cards). Learn more NET::ERR_CERT_AUTHORITY_INVALID </blockquote> When I visit any of the dev sites it is redirecting from http://website.dev to https://website.dev automatically. I'm not having any issue in Safari or Firefox so I don't understand what is going on. I've tried re-installing Google Chrome, resetting it to the factory default settings... I think it could be an issue with Keychain Access --> Certificates but wouldn't that mean it wouldn't work in Firefox and Safari if that was the case? I've spent a while trying to find a solution but so far nothing has worked so I would appreciate some suggestions on how I can fix this. I can't even proceed passed this warning as I don't get the proceed link (insecure) as shown below:- <img src="https://i.stack.imgur.com/m4P98.png" alt="enter image description here">

Navigate to <blockquote> chrome://flags/#allow-insecure-localhost </blockquote> and set this to enabled. <img src="https://i.stack.imgur.com/elEoJ.png" alt="enter image description here">

After playing around, I came up with one kind of a solution. First, lets talk about the problem: the cause of this error is that both of us used a <code>.dev</code> domain for our local development. If you go here you will find out that root <code>.dev</code> domain is owned by Google and applying HSTS in Chrome they enforce https-redirect for this domain. Since we use <code>.dev</code> domains, we get redirected to https version and at the same time we don't have any actual certificates installed. So, we see this annoying error. If you go to <code>chrome://net-internals/#hsts</code> you can check your <code>.dev</code> domain and you will actually find out that <pre class="prettyprint"><code>static_sts_domain: dev static_upgrade_mode: FORCE_HTTPS static_sts_include_subdomains: true </code></pre> which confirms that HSTS is enforced on <code>*.dev</code> indeed. The policy type is static and, as I understand, it's kind of hard-coded to https-redirect <code>.dev</code> domains. So, there are at least 2 ways - get and set up an actual certificate somehow or just use another (not <code>.dev</code>) root domain in httpd-vhosts.conf for your local development (also don't forget to update <code>/etc/hosts</code> and launch apache again). I went another root domain route and it solved this issue.

Google Chrome localhost | NET::ERR_CERT_AUTHORITY

All of a sudden I seem to have an issue with Google Chrome using localhost.

I'm trying to access any of my development sites (using Ampps) and I get the following error:-

Your connection is not private Attackers might be trying to steal your information from website.dev (for example, passwords, messages or credit cards). Learn more NET::ERR_CERT_AUTHORITY_INVALID

When I visit any of the dev sites it is redirecting from http://website.dev to https://website.dev automatically. I'm not having any issue in Safari or Firefox so I don't understand what is going on.

I've tried re-installing Google Chrome, resetting it to the factory default settings...

I think it could be an issue with Keychain Access --> Certificates but wouldn't that mean it wouldn't work in Firefox and Safari if that was the case?

I've spent a while trying to find a solution but so far nothing has worked so I would appreciate some suggestions on how I can fix this. I can't even proceed passed this warning as I don't get the proceed link (insecure) as shown below:-

enter image description here

What is Net :: ERR_CERT_AUTHORITY_INVALID?

NET::ERR_CERT_AUTHORITY_INVALID Error This SSL error also occurs when the cert you are using is expired or self-signed. In order to provide security to your website visitors and protect the data on your site, it is a must to install an SSL certificate. But that doesn't mean you can obtain any certificate on the market.

Why does Chrome say my certificate is invalid?

Chrome displays these errors if some security codes are missing and the website is running with an outdated SHA algorithm or system's TLS version is outdated. Know how to solve This web page is not available and ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors.

Navigate to

chrome://flags/#allow-insecure-localhost

and set this to enabled.

enter image description here

After playing around, I came up with one kind of a solution.

First, lets talk about the problem: the cause of this error is that both of us used a .dev domain for our local development. If you go here you will find out that root .dev domain is owned by Google and applying HSTS in Chrome they enforce https-redirect for this domain. Since we use .dev domains, we get redirected to https version and at the same time we don't have any actual certificates installed. So, we see this annoying error. If you go to chrome://net-internals/#hsts you can check your .dev domain and you will actually find out that

static_sts_domain: dev
static_upgrade_mode: FORCE_HTTPS
static_sts_include_subdomains: true

which confirms that HSTS is enforced on *.dev indeed. The policy type is static and, as I understand, it's kind of hard-coded to https-redirect .dev domains.

So, there are at least 2 ways - get and set up an actual certificate somehow or just use another (not .dev) root domain in httpd-vhosts.conf for your local development (also don't forget to update /etc/hosts and launch apache again). I went another root domain route and it solved this issue.

Google Chrome localhost | NET::ERR_CERT_AUTHORITY_INVALID

Tags:

google-chrome

ssl

localhost

hsts

nsilva

People also ask

2 Answers

Matt Smith

curveball

Recent Activity

Donate For Us