SSL certificate invalid

[mhsolutions]

I am having trouble to get HTTPS working on my site:

WSL UBUNTU PHP 7.2.10-0ubuntu0.18.04.1 Chrome Version 77.0.3865.120 (Official Build) (64-bit) Valet v2.1.10

I also tried FF and Edge with same result.

In Edge I saved the SSL certificate in a file and then tried to import this file to chrome. This gives me a success message, but the certificate is not showing in chrome.

I did secure my site: $ valet secured mysite.test mysite.test is secured.

[jmarcher]

What exactly are you trying to achieve importing the certificate?

What do you mean with "ssl certificate is invalid"? For which domain was the certificate signed for?

[tuffkidd]

I got same issue.

UBUNTU 18.04.3 PHP7.3-fpm Valet v2.1.10

$ valet secure mysite 
Restarting php7.3-fpm...
Restarting nginx...
The [mysite.test] site has been secured with a fresh TLS certificate.

chrome shows

NET::ERR_CERT_AUTHORITY_INVALID

So I did command below

$ certutil -d sql:$HOME/.pki/nssdb -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Then I tried to import manually.

$ certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "mysite.test" -i 
 /home/{my-name}/.valet/Certificates/mysite.test.crt"

certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

[mhsolutions]

What exactly are you trying to achieve importing the certificate?

What do you mean with "ssl certificate is invalid"? For which domain was the certificate signed for?

1. so I can visit the site, because now I jsut get the same error as @tuffkidd NET::ERR_CERT_AUTHORITY_INVALID
2. its for my local domain: mysite.test and all the files are being created in /home/{my-name}/.valet/Certificates/ .conf, .crt, .csr and .key

it's pretty much the same what @tuffkidd already described

[tuffkidd]

I solved my issue. The problem is cert9.db key4.db pkcs11.txt files owner issue. valet-linux create the files as root:root. so, valet can't write files.

My solutions

Unsecure mysite

valet unsecure mysite

Remove pki directory

rm -rf ~/.pki

Make pki directory and change permission

mkdir -p $HOME/.pki/nssdb
chmod -R 700 $HOME/.pki

Secure site : then Valet creates cert9.db key4.db pkcs11.txt files.

valet secure mysite

Check the files.

ls -al ~/.pki/nssdb

drwx------ 2 yourname yourname 4096 10월 24 15:09 ./
drwx------ 3 yourname yourname 4096 10월 24 15:09 ../
-rw------- 1 root root 28672 10월 24 15:09 cert9.db
-rw------- 1 root root 28672 10월 24 15:09 key4.db
-rw------- 1 root root 433 10월 24 15:09 pkcs11.txt

Change the files owner

sudo chown -R yourname:yourname $HOME/.pki/nssdb/

Then valet unsecure mysite valet secure mysite

[mhsolutions]

@tuffkidd thanks for your answer, but still it isn't working for me

The output of

ls -al ~/.pki/nssdb

is

drwx------ 1 myusr myusr 512 Oct 26 09:53 .
drwx------ 1 myusr myusr 512 Oct 26 09:48 ..
-rw------- 1 myusr myusr 28K Oct 26 09:53 cert9.db
-rw------- 1 myusr myusr 36K Oct 26 09:53 key4.db
-rw------- 1 myusr myusr 431 Oct 26 09:48 pkcs11.txt

and the output of

ls -al /home/myusr/.valet/Certificates/

is

drwxr-xr-x 1 myusr root  512 Oct 26 09:53 .
drwxr-xr-x 1 myusr root  512 Oct 26 10:04 ..
-rw-r--r-- 1 myusr root  623 Oct 26 09:53 mysite.test.conf
-rw-r--r-- 1 myusr myusr 1.4K Oct 26 09:53 mysite.test.crt
-rw-r--r-- 1 myusr myusr 1.2K Oct 26 09:53 mysite.test.csr
-rw------- 1 myusr myusr 1.7K Oct 26 09:53 mysite.test.key

also when I try to check this in the mysite folder itself

valet secured

I get this (with leading space)

 is not secured.

also when I try this

valet secured mysite

I get this

mysite is not secured.

but if I try this

valet secured mysite.test

I get this

mysite.test is secured.

[jmarcher]

Have you tried?:

cd /path/to/mysite
valet secure

I never need to attach the site name in order to secure them

[tuffkidd]

@mhsolutions I exactly don't know why. But you can try @jmarcher answer.

I think you should show us valet links command results.

also when I try this valet secured mysite

Make sure that the command is valet secure mysite not valet secured mysite

[mhsolutions]

@jmarcher yes i did this too, i tried it inside the folder with:

valet secure

and from the outside with:

valet secure mysite

@tuffkidd this is the result:

+------------------+-----+-------------------------------+-----------------------------------+
| Site             | SSL | URL                           | Path                              |
+------------------+-----+-------------------------------+-----------------------------------+
| mysite           |  X  | https://mysite.test           | /mnt/c/sites/                     |
+------------------+-----+-------------------------------+-----------------------------------+

yes sure to secure the site I always use valet secure but to check if it's secured I use the valet secured command

[jmarcher]

Now I see you are using a Linux subsystem, I wonder if this is the problem, I do not have access to a Windows machine to test this, but maybe there is the problem.

[jmarcher]

I found this about WSL: https://www.reddit.com/r/laravel/comments/dnj3r5/is_is_possible_to_run_valetlinux_on_wsl_2/f5seb2h?utm_source=share&utm_medium=web2x

[tuffkidd]

@jmarcher Thank you for quick update! Yeh!

[chiptu]

I had the same problem just go into your browser -> certifcate -> authorities -> import LaravelValetCASelfSigned

LaravelValetCASelfSigned is place in your $HOME/.valet/CA

Then if you re on chrome just enable this parameter chrome://flags/#allow-insecure-localhost .

If you re not on chrome you should have a parameter like this to find.

[josegus]

I had the same problem just go into your browser -> certifcate -> authorities -> import LaravelValetCASelfSigned

LaravelValetCASelfSigned is place in your $HOME/.valet/CA

Then if you re on chrome just enable this parameter chrome://flags/#allow-insecure-localhost .

If you re not on chrome you should have a parameter like this to find.

I've tried but then shows me:

[josegus]

I solved my issue. The problem is cert9.db key4.db pkcs11.txt files owner issue. valet-linux create the files as root:root. so, valet can't write files.

My solutions

Unsecure mysite

valet unsecure mysite

Remove pki directory

rm -rf ~/.pki

Make pki directory and change permission

mkdir -p $HOME/.pki/nssdb
chmod -R 700 $HOME/.pki

Secure site : then Valet creates cert9.db key4.db pkcs11.txt files.

valet secure mysite

Check the files.

ls -al ~/.pki/nssdb

drwx------ 2 yourname yourname 4096 10월 24 15:09 ./
drwx------ 3 yourname yourname 4096 10월 24 15:09 ../
-rw------- 1 root root 28672 10월 24 15:09 cert9.db
-rw------- 1 root root 28672 10월 24 15:09 key4.db
-rw------- 1 root root 433 10월 24 15:09 pkcs11.txt

Change the files owner

sudo chown -R yourname:yourname $HOME/.pki/nssdb/

Then valet unsecure mysite valet secure mysite

I've tried, but still not working

[njsoria]

I had the same problem just go into your browser -> certifcate -> authorities -> import LaravelValetCASelfSigned LaravelValetCASelfSigned is place in your $HOME/.valet/CA Then if you re on chrome just enable this parameter chrome://flags/#allow-insecure-localhost . If you re not on chrome you should have a parameter like this to find.

I've tried but then shows me:

Scroll down to the Laravel certificate on that list, edit it and select to enable verification of websites. This worked for me in Chrome on PopOS (Ubuntu).

[ctf0]

big thanks to @chiptu , for anyone having hard time finding the browser settings

chrome : search for Manage Certificates > authorities > import LaravelValetCASelfSigned ff : search Certificates > view Certificates > authorities > import LaravelValetCASelfSigned

[kupoback]

big thanks to @chiptu , for anyone having hard time finding the browser settings

chrome : search for Manage Certificates > authorities > import LaravelValetCASelfSigned ff : search Certificates > view Certificates > authorities > import LaravelValetCASelfSigned

This worked for me!

[adibpwd]

import LaravelValetCASelfSigned

where can i get LaravelValetCASelfSigned?

[RhysLees]

import LaravelValetCASelfSigned

where can i get LaravelValetCASelfSigned?

Then open Chrome and paste this in the search: chrome://settings/security Click on Manage Certificates Goto the Trusted Root Certification Authorities tab Click Import, Next, Browse

Leave this open then run the following in a terminal for WSL

cd ~/.valet/CA
explorer.exe .

Copy the path in the top bar in the explorer and paste into the browse dialog we opened previously (should look something like below): \\wsl.localhost\Ubuntu\home\YOURWSLUSERNAME\.valet\CA

Then select LaravelValetCASelfSigned.pem (You may have to choose Show All in the bottom right

Then click Open, Next, Next, Finish

Close your browser and open it again and you should have all sites served by valet secure

[DiazFarindra]

import LaravelValetCASelfSigned

where can i get LaravelValetCASelfSigned?

Then open Chrome and paste this in the search: chrome://settings/security Click on Manage Certificates Goto the Trusted Root Certification Authorities tab Click Import, Next, Browse

Leave this open then run the following in a terminal for WSL

cd ~/.valet/CA
explorer.exe .

Copy the path in the top bar in the explorer and paste into the browse dialog we opened previously (should look something like below): \\wsl.localhost\Ubuntu\home\YOURWSLUSERNAME\.valet\CA

Then select LaravelValetCASelfSigned.pem (You may have to choose Show All in the bottom right

Then click Open, Next, Next, Finish

Close your browser and open it again and you should have all sites served by valet secure

this one work for me, I am using wsl2 ubuntu 22.04

[SupianIDz]

I had the same problem just go into your browser -> certifcate -> authorities -> import LaravelValetCASelfSigned

LaravelValetCASelfSigned is place in your $HOME/.valet/CA

Then if you re on chrome just enable this parameter chrome://flags/#allow-insecure-localhost .

If you re not on chrome you should have a parameter like this to find.

It works fine on Ubuntu 23.04 Lunar Lobster and Valet v2.3.0

[wakjoko]

all above method does not work for me on Ubuntu 20.04. but when re-importing existing certificate into browser and inspecting the imported certificate, found the Valet's CA is expired. so creating new Valet's CA certificate should fix this obviously. here's notes for future me.

step #1

rm ~/.valet/CA
valet install

step #2 import newly created certificate from ~/.valet/CA into browser

refresh the browser page now doesn't show certificate error anymore.. hell yeah!!

[chiefbrob]

I've had a similar issue, turns out there is a misconfig in laravel-mix-valet/index.js removed config from line 67

[halowahyudi]

import LaravelValetCASelfSigned

where can i get LaravelValetCASelfSigned?

Then open Chrome and paste this in the search: chrome://settings/security Click on Manage Certificates Goto the Trusted Root Certification Authorities tab Click Import, Next, Browse Leave this open then run the following in a terminal for WSL

cd ~/.valet/CA
explorer.exe .

Copy the path in the top bar in the explorer and paste into the browse dialog we opened previously (should look something like below): \\wsl.localhost\Ubuntu\home\YOURWSLUSERNAME\.valet\CA Then select LaravelValetCASelfSigned.pem (You may have to choose Show All in the bottom right Then click Open, Next, Next, Finish Close your browser and open it again and you should have all sites served by valet secure

this one work for me, I am using wsl2 ubuntu 22.04

Work for me

OS: Ubuntu 24.04 Laravel 11