Cannot get Lando SSL certificates work on Ubuntu

lando / core

Current Lando v3 runtime

https://docs.lando.dev/

GNU General Public License v3.0

11 stars 22 forks source link

Cannot get Lando SSL certificates work on Ubuntu #205

Closed esperoweb closed 2 months ago

esperoweb commented 2 months ago

I am trying to install Lando's SSL certificate on my Ubuntu system by following these instructions (https://docs.lando.dev/core/v3/security.html#debian) but there are different problems:

The LandoCA.crt file does not exist, but lndo.site.crt does, although however running lando config --path caCert gets the path to the latter file but with a .pem extension
Trying to copy lndo.site.crt to /usr/local/share/ca-certificates/ and running sudo update-ca-certificates, no certificate is added (message 0 added)
Even trying to run dpkg-reconfigure ca-certificates does not work and none of the system-installed browsers (Firefox and Chrome) accept Lando's certificate as valid.

Where am I going wrong?

reynoldsalec commented 2 months ago

@esperoweb it sounds like LandoCA.crt didn't get generated. I would try starting an app with --debug and seeing if you can find any errors relating to CA creation/installation.

For reference, here are a few files that deal with creating/installing the CA:

AaronFeledy commented 2 months ago

@reynoldsalec Do the docs reflect the latest stable or the latest release in general? The Lando CA has been revamped in 3.22.0 but the stable channel doesn't have these changes.

reynoldsalec commented 2 months ago

Looking at my install I thought they did, but @pirog may be able to confirm that.

AaronFeledy commented 2 months ago

For Lando 3.21.x:

# Add the Lando CA
sudo cp -r ~/.lando/certs/lndo.site.pem /usr/local/share/ca-certificates/lndo.site.pem
sudo cp -r ~/.lando/certs/lndo.site.crt /usr/local/share/ca-certificates/lndo.site.crt

# Remove Lando CA
sudo rm -f /usr/local/share/ca-certificates/lndo.site.pem
sudo rm -f /usr/local/share/ca-certificates/lndo.site.crt

Ubuntu or MacOS with Firefox:

Import the ~/.lando/certs/lndo.site.pem CA certificate in Firefox by going to about:preferences#privacy > View Certificates > Authorities > Import, enabling Trust this CA to identify websites..

Ubuntu with Chrome:

On the Authorities tab at chrome://settings/certificates, import ~/.lando/certs/lndo.site.pem or /usr/local/share/ca-certificates/lndo.site.crt

reynoldsalec commented 2 months ago

Ah ok, yes the current docs live at docs.lando.dev reflect 3.22, which is normal; docs always reflects the status of the main branch.

So @esperoweb you'll want to refer to the old docs @AaronFeledy posted above, or try upgrading to Lando 3.22 (which is currently a beta pre-release), see instructions on the "advanced setup script" usage or running Lando from source.

gsimo96 commented 2 months ago

it works thanks

reynoldsalec commented 2 months ago

Awesome, out of curiosity, did you end up upgrading to the 3.22 beta, or did the doc instructions work @gsimo96?

Going to close this out.

yorkshire-pudding commented 1 month ago

Just to add on Linux Mint the instructions from @AaronFeledy worked a treat.