Closed ctm closed 3 months ago
Note to self, here's how I generated it: openssl req -x509 -out localhost.crt -keyout localhost.key \ -newkey rsa:2048 -days 3650 -nodes -sha256 \ -subj '/CN=localhost' -extensions EXT -config <( \ printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
(and I made it for ten years into the future, 'cause math). I then had to go to Keychain Access
and tell this laptop to trust the crt.
Oops. That caused mb2 to try to use localhost on craftpoker.com, which hasn't happened before. I'm not sure what caused it, but I've reverted the problem in master and redeployed. I was able to do that quicker than revert to an older image, because revert_to_tag
doesn't clean out the container name.
Fixed. Deploying now, but I won't close this until the deploy is finished.
Working fine.
Create a localhost.crt with an expiration date five years into the future.
Now that we're using HSTS everywhere (including localhost), I need a valid certificate for testing and I foolishly made our last self-signed one expire in a month. D'oh.