Closed mhsolutions closed 4 years ago
What exactly are you trying to achieve importing the certificate?
What do you mean with "ssl certificate is invalid"? For which domain was the certificate signed for?
I got same issue.
UBUNTU 18.04.3 PHP7.3-fpm Valet v2.1.10
$ valet secure mysite
Restarting php7.3-fpm...
Restarting nginx...
The [mysite.test] site has been secured with a fresh TLS certificate.
chrome shows
NET::ERR_CERT_AUTHORITY_INVALID
So I did command below
$ certutil -d sql:$HOME/.pki/nssdb -L
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Then I tried to import manually.
$ certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "mysite.test" -i
/home/{my-name}/.valet/Certificates/mysite.test.crt"
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
What exactly are you trying to achieve importing the certificate?
What do you mean with "ssl certificate is invalid"? For which domain was the certificate signed for?
NET::ERR_CERT_AUTHORITY_INVALID
/home/{my-name}/.valet/Certificates/
.conf, .crt, .csr and .keyit's pretty much the same what @tuffkidd already described
I solved my issue.
The problem is cert9.db
key4.db
pkcs11.txt
files owner issue.
valet-linux
create the files as root:root
. so, valet can't write files.
Unsecure mysite
valet unsecure mysite
Remove pki
directory
rm -rf ~/.pki
Make pki directory and change permission
mkdir -p $HOME/.pki/nssdb
chmod -R 700 $HOME/.pki
Secure site : then Valet creates cert9.db
key4.db
pkcs11.txt
files.
valet secure mysite
Check the files.
ls -al ~/.pki/nssdb
drwx------ 2 yourname yourname 4096 10월 24 15:09 ./
drwx------ 3 yourname yourname 4096 10월 24 15:09 ../
-rw------- 1 root root 28672 10월 24 15:09 cert9.db
-rw------- 1 root root 28672 10월 24 15:09 key4.db
-rw------- 1 root root 433 10월 24 15:09 pkcs11.txt
Change the files owner
sudo chown -R yourname:yourname $HOME/.pki/nssdb/
Then valet unsecure mysite
valet secure mysite
@tuffkidd thanks for your answer, but still it isn't working for me
The output of
ls -al ~/.pki/nssdb
is
drwx------ 1 myusr myusr 512 Oct 26 09:53 .
drwx------ 1 myusr myusr 512 Oct 26 09:48 ..
-rw------- 1 myusr myusr 28K Oct 26 09:53 cert9.db
-rw------- 1 myusr myusr 36K Oct 26 09:53 key4.db
-rw------- 1 myusr myusr 431 Oct 26 09:48 pkcs11.txt
and the output of
ls -al /home/myusr/.valet/Certificates/
is
drwxr-xr-x 1 myusr root 512 Oct 26 09:53 .
drwxr-xr-x 1 myusr root 512 Oct 26 10:04 ..
-rw-r--r-- 1 myusr root 623 Oct 26 09:53 mysite.test.conf
-rw-r--r-- 1 myusr myusr 1.4K Oct 26 09:53 mysite.test.crt
-rw-r--r-- 1 myusr myusr 1.2K Oct 26 09:53 mysite.test.csr
-rw------- 1 myusr myusr 1.7K Oct 26 09:53 mysite.test.key
also when I try to check this in the mysite folder itself
valet secured
I get this (with leading space)
is not secured.
also when I try this
valet secured mysite
I get this
mysite is not secured.
but if I try this
valet secured mysite.test
I get this
mysite.test is secured.
Have you tried?:
cd /path/to/mysite
valet secure
I never need to attach the site name in order to secure them
@mhsolutions I exactly don't know why. But you can try @jmarcher answer.
I think you should show us valet links
command results.
also when I try this valet secured mysite
Make sure that the command is valet secure mysite
not valet secured mysite
@jmarcher yes i did this too, i tried it inside the folder with:
valet secure
and from the outside with:
valet secure mysite
@tuffkidd this is the result:
+------------------+-----+-------------------------------+-----------------------------------+
| Site | SSL | URL | Path |
+------------------+-----+-------------------------------+-----------------------------------+
| mysite | X | https://mysite.test | /mnt/c/sites/ |
+------------------+-----+-------------------------------+-----------------------------------+
yes sure to secure the site I always use valet secure
but to check if it's secured I use the valet secured
command
Now I see you are using a Linux subsystem, I wonder if this is the problem, I do not have access to a Windows machine to test this, but maybe there is the problem.
@jmarcher Thank you for quick update! Yeh!
I had the same problem just go into your browser -> certifcate -> authorities -> import LaravelValetCASelfSigned
LaravelValetCASelfSigned is place in your $HOME/.valet/CA
Then if you re on chrome just enable this parameter chrome://flags/#allow-insecure-localhost .
If you re not on chrome you should have a parameter like this to find.
I had the same problem just go into your browser -> certifcate -> authorities -> import LaravelValetCASelfSigned
LaravelValetCASelfSigned is place in your $HOME/.valet/CA
Then if you re on chrome just enable this parameter chrome://flags/#allow-insecure-localhost .
If you re not on chrome you should have a parameter like this to find.
I've tried but then shows me:
I solved my issue. The problem is
cert9.db
key4.db
pkcs11.txt
files owner issue.valet-linux
create the files asroot:root
. so, valet can't write files.My solutions
Unsecure mysite
valet unsecure mysite
Remove
pki
directoryrm -rf ~/.pki
Make pki directory and change permission
mkdir -p $HOME/.pki/nssdb chmod -R 700 $HOME/.pki
Secure site : then Valet creates
cert9.db
key4.db
pkcs11.txt
files.valet secure mysite
Check the files.
ls -al ~/.pki/nssdb
drwx------ 2 yourname yourname 4096 10월 24 15:09 ./ drwx------ 3 yourname yourname 4096 10월 24 15:09 ../ -rw------- 1 root root 28672 10월 24 15:09 cert9.db -rw------- 1 root root 28672 10월 24 15:09 key4.db -rw------- 1 root root 433 10월 24 15:09 pkcs11.txt
Change the files owner
sudo chown -R yourname:yourname $HOME/.pki/nssdb/
Then
valet unsecure mysite
valet secure mysite
I've tried, but still not working
I had the same problem just go into your browser -> certifcate -> authorities -> import LaravelValetCASelfSigned LaravelValetCASelfSigned is place in your $HOME/.valet/CA Then if you re on chrome just enable this parameter chrome://flags/#allow-insecure-localhost . If you re not on chrome you should have a parameter like this to find.
I've tried but then shows me:
Scroll down to the Laravel certificate on that list, edit it and select to enable verification of websites. This worked for me in Chrome on PopOS (Ubuntu).
big thanks to @chiptu , for anyone having hard time finding the browser settings
chrome : search for Manage Certificates
> authorities > import LaravelValetCASelfSigned
ff : search Certificates
> view Certificates > authorities > import LaravelValetCASelfSigned
big thanks to @chiptu , for anyone having hard time finding the browser settings
chrome : search for
Manage Certificates
> authorities > import LaravelValetCASelfSigned ff : searchCertificates
> view Certificates > authorities > import LaravelValetCASelfSigned
This worked for me!
import LaravelValetCASelfSigned
where can i get LaravelValetCASelfSigned?
import LaravelValetCASelfSigned
where can i get LaravelValetCASelfSigned?
Then open Chrome and paste this in the search:
chrome://settings/security
Click on Manage Certificates
Goto the Trusted Root Certification Authorities
tab
Click Import, Next, Browse
Leave this open then run the following in a terminal for WSL
cd ~/.valet/CA
explorer.exe .
Copy the path in the top bar in the explorer and paste into the browse dialog we opened previously (should look something like below):
\\wsl.localhost\Ubuntu\home\YOURWSLUSERNAME\.valet\CA
Then select LaravelValetCASelfSigned.pem
(You may have to choose Show All
in the bottom right
Then click Open, Next, Next, Finish
Close your browser and open it again and you should have all sites served by valet secure
import LaravelValetCASelfSigned
where can i get LaravelValetCASelfSigned?
Then open Chrome and paste this in the search:
chrome://settings/security
Click onManage Certificates
Goto theTrusted Root Certification Authorities
tab Click Import, Next, BrowseLeave this open then run the following in a terminal for WSL
cd ~/.valet/CA explorer.exe .
Copy the path in the top bar in the explorer and paste into the browse dialog we opened previously (should look something like below):
\\wsl.localhost\Ubuntu\home\YOURWSLUSERNAME\.valet\CA
Then select
LaravelValetCASelfSigned.pem
(You may have to chooseShow All
in the bottom rightThen click Open, Next, Next, Finish
Close your browser and open it again and you should have all sites served by valet secure
this one work for me, I am using wsl2 ubuntu 22.04
I had the same problem just go into your browser -> certifcate -> authorities -> import LaravelValetCASelfSigned
LaravelValetCASelfSigned is place in your $HOME/.valet/CA
Then if you re on chrome just enable this parameter chrome://flags/#allow-insecure-localhost .
If you re not on chrome you should have a parameter like this to find.
It works fine on Ubuntu 23.04 Lunar Lobster and Valet v2.3.0
all above method does not work for me on Ubuntu 20.04. but when re-importing existing certificate into browser and inspecting the imported certificate, found the Valet's CA is expired. so creating new Valet's CA certificate should fix this obviously. here's notes for future me.
step #1
rm ~/.valet/CA
valet install
step #2
import newly created certificate from ~/.valet/CA
into browser
refresh the browser page now doesn't show certificate error anymore.. hell yeah!!
I've had a similar issue, turns out there is a misconfig in laravel-mix-valet/index.js removed config from line 67
import LaravelValetCASelfSigned
where can i get LaravelValetCASelfSigned?
Then open Chrome and paste this in the search:
chrome://settings/security
Click onManage Certificates
Goto theTrusted Root Certification Authorities
tab Click Import, Next, Browse Leave this open then run the following in a terminal for WSLcd ~/.valet/CA explorer.exe .
Copy the path in the top bar in the explorer and paste into the browse dialog we opened previously (should look something like below):
\\wsl.localhost\Ubuntu\home\YOURWSLUSERNAME\.valet\CA
Then selectLaravelValetCASelfSigned.pem
(You may have to chooseShow All
in the bottom right Then click Open, Next, Next, Finish Close your browser and open it again and you should have all sites served by valet securethis one work for me, I am using wsl2 ubuntu 22.04
Work for me
OS: Ubuntu 24.04 Laravel 11
I am having trouble to get HTTPS working on my site:
WSL UBUNTU PHP 7.2.10-0ubuntu0.18.04.1 Chrome Version 77.0.3865.120 (Official Build) (64-bit) Valet v2.1.10
I also tried FF and Edge with same result.
In Edge I saved the SSL certificate in a file and then tried to import this file to chrome. This gives me a success message, but the certificate is not showing in chrome.
I did secure my site:
$ valet secured mysite.test
mysite.test is secured.