Need to renew expired self-signed Laravel root certificate

[wturrell]

Description

TL;DR: my certificates for the individual *.test domains are fine, but suddenly I have a "Laravel Valet CA Self Signed CN" with an expiry of 1 July 2021, so no sites will load.

I've been reading https://github.com/laravel/valet/issues/1487 …

Opening Keychain Access confirms the certificate is expired, as does running:

security verify-cert -c ~/.config/valet/CA/LaravelValetCASelfSigned.pem
(Cert Verify Result: CSSMERR_TP_CERT_EXPIRED)

I have upgraded Valet from 4.7.1 to 4.8.0.

I followed this bit of the instructions:

sudo security delete-certificate -c "Laravel Valet CA Self Signed CN" /Library/Keychains/System.keychain -- This will remove the cert from your System Keychain.
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/.config/valet/CA/LaravelValetCASelfSigned.pem -- This will add it back

All that does is (correctly) remove the old cert, but then it puts it back again. How can I actually renew it?

I tried valet renew (as well as unsecure and secure) but this didn't help.

Thanks!

Steps To Reproduce

-

Diagnosis

sw_vers

ProductName:       macOS
ProductVersion:     14.6.1
BuildVersion:       23G93

valet --version

Laravel Valet 4.8.0

cat ~/.config/valet/config.json

{
    "tld": "test",
    "paths": [
        "/Users/wt/.config/valet/Sites",
        "/Users/wt/Sites/mprss",
        "/Users/wt/Sites/credobase/htdocs",
        "/Users/wt/Sites/markpack"
    ],
    "loopback": "127.0.0.1"
}

cat ~/.composer/composer.json

{
    "require": {
        "laravel/installer": "^5.6",
        "laravel/valet": "^4.0",
        "drupal/coder": "^8.3",
        "dealerdirect/phpcodesniffer-composer-installer": "^0.7.1",
        "statamic/cli": "^2.6"
    },
    "require-dev": {
        "squizlabs/php_codesniffer": "^3.5"
    },
    "config": {
        "allow-plugins": {
            "dealerdirect/phpcodesniffer-composer-installer": true
        }
    }
}

composer global diagnose

Changed current directory to /Users/wt/.composer
Checking composer.json: WARNING
No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
Checking platform settings: OK
Checking git settings: OK git version 2.46.0
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com oauth access: OK does not expire
Checking disk free space: OK
Checking pubkeys: 
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking Composer version: You are not running the latest stable version, run `composer self-update` to update (2.7.7 => 2.7.9)
Checking Composer and its dependencies for vulnerabilities: OK
Composer version: 2.7.7
PHP version: 8.2.23
PHP binary path: /opt/homebrew/Cellar/php@8.2/8.2.23/bin/php
OpenSSL version: OpenSSL 3.3.1 4 Jun 2024
curl version: 8.9.1 libz 1.2.12 ssl OpenSSL/3.3.2 (SecureTransport)
zip: extension present, unzip present, 7-Zip not available

composer global outdated

Changed current directory to /Users/wt/.composer
Legend:
! patch or minor release available - update recommended
~ major release available - update possible

Direct dependencies required in composer.json:
dealerdirect/phpcodesniffer-composer-installer 0.7.2  ~ 1.0.0
statamic/cli                                   2.6.0  ~ 3.2.0

Transitive dependencies not required in composer.json:
laravel/prompts                                0.1.25 ~ 0.2.0
symfony/console                                6.4.12 ~ 7.1.5
symfony/process                                6.4.12 ~ 7.1.5

ls -al /etc/sudoers.d/

total 16
drwxr-xr-x    4 root  wheel   128 Aug 13 08:47 .
drwxr-xr-x  134 root  wheel  4288 Sep 24 11:38 ..
-rw-r--r--    1 root  wheel    83 Aug  8  2023 brew
-rw-r--r--    1 root  wheel    86 Aug  8  2023 valet

brew config

HOMEBREW_VERSION: 4.3.24
ORIGIN: https://github.com/Homebrew/brew
HEAD: 916044581862c32fc2365e8e9ff0b1507a98925e
Last commit: 2 days ago
Core tap JSON: 24 Sep 12:28 UTC
Core cask tap JSON: 24 Sep 12:28 UTC
HOMEBREW_PREFIX: /opt/homebrew
HOMEBREW_CASK_OPTS: []
HOMEBREW_EDITOR: vim
HOMEBREW_MAKE_JOBS: 8
Homebrew Ruby: 3.3.4 => /opt/homebrew/Library/Homebrew/vendor/portable-ruby/3.3.4_1/bin/ruby
CPU: octa-core 64-bit arm_firestorm_icestorm
Clang: 15.0.0 build 1500
Git: 2.46.0 => /opt/homebrew/bin/git
Curl: 8.7.1 => /usr/bin/curl
macOS: 14.6.1-arm64
CLT: 15.3.0.0.1.1708646388
Xcode: N/A
Rosetta 2: false

brew services list

Warning: running through sudo, using user/* instead of gui/* domain!
Hide this warning by setting HOMEBREW_SERVICES_NO_DOMAIN_WARNING.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).
Name      Status User File
dnsmasq   none            root 
memcached started         wt   ~/Library/LaunchAgents/homebrew.mxcl.memcached.plist
nginx     none            root 
php       none            root 
php@7.4   none            root 
php@8.0   none                 
php@8.1   none                 
php@8.2   error  19968    root ~/Library/LaunchAgents/homebrew.mxcl.php@8.2.plist
redis     started         wt   ~/Library/LaunchAgents/homebrew.mxcl.redis.plist
unbound   none

brew list --formula --versions | grep -E "(php|nginx|dnsmasq|mariadb|mysql|mailhog|openssl)(@\d\..*)?\s"

dnsmasq 2.89 2.90
nginx 1.27.0 1.27.1
php 8.3.11 8.3.9
php@7.4 7.4.33_6
php@8.0 8.0.30_1
php@8.1 8.1.27 8.1.29
php@8.2 8.2.20 8.2.18 8.2.14 8.2.22 8.2.23 8.2.15

brew outdated

bash
ca-certificates
curl
ffmpeg
ghostscript
git
glib
imagemagick
imath
jpeg-turbo
jpeg-xl
libarchive
libomp
libpng
libraw
libtiff
libzip
mpv
node
shaderc
tcl-tk
unibilium
vapoursynth

brew tap

cutzenfriend/cmdg
homebrew/services
saulpw/vd
shivammathur/php

php -v

PHP 8.2.23 (cli) (built: Aug 27 2024 15:32:20) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.23, Copyright (c) Zend Technologies
    with Zend OPcache v8.2.23, Copyright (c), by Zend Technologies

which -a php

/opt/homebrew/bin/php
/usr/local/bin/php

php --ini

Configuration File (php.ini) Path: /opt/homebrew/etc/php/8.2
Loaded Configuration File:         /opt/homebrew/etc/php/8.2/php.ini
Scan for additional .ini files in: /opt/homebrew/etc/php/8.2/conf.d
Additional .ini files parsed:      /opt/homebrew/etc/php/8.2/conf.d/error_log.ini,
/opt/homebrew/etc/php/8.2/conf.d/ext-opcache.ini,
/opt/homebrew/etc/php/8.2/conf.d/php-memory-limits.ini

nginx -v

nginx version: nginx/1.27.1

curl --version

curl 8.7.1 (x86_64-apple-darwin23.0) libcurl/8.7.1 (SecureTransport) LibreSSL/3.3.6 zlib/1.2.12 nghttp2/1.61.0
Release-Date: 2024-03-27
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS GSS-API HSTS HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL threadsafe UnixSockets

php --ri curl

curl

cURL support => enabled
cURL Information => 8.9.1
Age => 11
Features
AsynchDNS => Yes
CharConv => No
Debug => No
GSS-Negotiate => No
IDN => Yes
IPv6 => Yes
krb4 => No
Largefile => Yes
libz => Yes
NTLM => Yes
NTLMWB => No
SPNEGO => Yes
SSL => Yes
SSPI => No
TLS-SRP => Yes
HTTP2 => Yes
GSSAPI => Yes
KERBEROS5 => Yes
UNIX_SOCKETS => Yes
PSL => No
HTTPS_PROXY => Yes
MULTI_SSL => Yes
BROTLI => Yes
ALTSVC => Yes
HTTP3 => No
UNICODE => No
ZSTD => Yes
HSTS => Yes
GSASL => No
Protocols => dict, file, ftp, ftps, gopher, gophers, http, https, imap, imaps, ldap, ldaps, mqtt, pop3, pop3s, rtmp, rtmpe, rtmps, rtmpt, rtmpte, rtmpts, rtsp, scp, sftp, smb, smbs, smtp, smtps, telnet, tftp
Host => aarch64-apple-darwin23.4.0
SSL Version => OpenSSL/3.3.2 (SecureTransport)
ZLib Version => 1.2.12
libSSH Version => libssh2/1.11.0

Directive => Local Value => Master Value
curl.cainfo => /Users/wt/php/cacert.pem => /Users/wt/php/cacert.pem

/opt/homebrew/bin/ngrok version

sudo: /opt/homebrew/bin/ngrok: command not found

ls -al ~/.ngrok2

total 8
drwx------    3 wt  staff    96 Aug  7  2019 .
drwxr-xr-x+ 301 wt  staff  9632 Sep 21 15:11 ..
-rw-------    1 wt  staff    85 Aug  7  2019 ngrok.yml

brew info nginx

==> nginx: stable 1.27.1 (bottled), HEAD
HTTP(S) server and reverse proxy, and IMAP/POP3 proxy server
https://nginx.org/
Installed
/opt/homebrew/Cellar/nginx/1.27.0 (24 files, 2.4MB)
  Built from source
/opt/homebrew/Cellar/nginx/1.27.1 (27 files, 2.4MB) *
  Poured from bottle using the formulae.brew.sh API on 2024-08-30 at 21:37:46
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/n/nginx.rb
License: BSD-2-Clause
==> Dependencies
Required: openssl@3, pcre2
==> Options
--HEAD
    Install HEAD version
==> Caveats
Docroot is: /opt/homebrew/var/www

The default port has been set in /opt/homebrew/etc/nginx/nginx.conf to 8080 so that
nginx can run without sudo.

nginx will load all files in /opt/homebrew/etc/nginx/servers/.

To start nginx now and restart at login:
  brew services start nginx
Or, if you don't want/need a background service you can just run:
  /opt/homebrew/opt/nginx/bin/nginx -g daemon\ off\;
==> Analytics
install: 13,404 (30 days), 40,420 (90 days), 159,103 (365 days)
install-on-request: 13,390 (30 days), 40,346 (90 days), 158,639 (365 days)
build-error: 3 (30 days)

brew info php

==> php: stable 8.3.11 (bottled), HEAD
General-purpose scripting language
https://www.php.net/
Installed
/opt/homebrew/Cellar/php/8.3.9 (521 files, 88.7MB)
  Built from source
/opt/homebrew/Cellar/php/8.3.11 (524 files, 88.8MB)
  Poured from bottle using the formulae.brew.sh API on 2024-08-30 at 21:37:41
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/p/php.rb
License: PHP-3.01
==> Dependencies
Build: httpd, pkg-config
Required: apr, apr-util, argon2, aspell, autoconf, curl, freetds, gd, gettext, gmp, icu4c, krb5, libpq, libsodium, libzip, oniguruma, openldap, openssl@3, pcre2, sqlite, tidy-html5, unixodbc
==> Options
--HEAD
    Install HEAD version
==> Caveats
To enable PHP in Apache add the following to httpd.conf and restart Apache:
    LoadModule php_module /opt/homebrew/opt/php/lib/httpd/modules/libphp.so

    
        SetHandler application/x-httpd-php
    

Finally, check DirectoryIndex includes index.php
    DirectoryIndex index.php index.html

The php.ini and php-fpm.ini file can be found in:
    /opt/homebrew/etc/php/8.3/

To start php now and restart at login:
  brew services start php
Or, if you don't want/need a background service you can just run:
  /opt/homebrew/opt/php/sbin/php-fpm --nodaemonize
==> Analytics
install: 52,970 (30 days), 154,197 (90 days), 685,009 (365 days)
install-on-request: 49,298 (30 days), 143,142 (90 days), 639,180 (365 days)
build-error: 16 (30 days)

brew info openssl

==> openssl@3: stable 3.3.2 (bottled)
Cryptography and SSL/TLS Toolkit
https://openssl-library.org
Installed
/opt/homebrew/Cellar/openssl@3/3.3.2 (6,984 files, 32.5MB) *
  Poured from bottle using the formulae.brew.sh API on 2024-09-09 at 11:30:35
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/o/openssl@3.rb
License: Apache-2.0
==> Dependencies
Required: ca-certificates
==> Caveats
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
  /opt/homebrew/etc/openssl@3/certs

and run
  /opt/homebrew/opt/openssl@3/bin/c_rehash
==> Analytics
install: 467,567 (30 days), 1,248,059 (90 days), 5,025,438 (365 days)
install-on-request: 67,695 (30 days), 148,578 (90 days), 654,772 (365 days)
build-error: 4,322 (30 days)

openssl version -a

OpenSSL 3.3.2 3 Sep 2024 (Library: OpenSSL 3.3.2 3 Sep 2024)
built on: Tue Sep  3 12:46:38 2024 UTC
platform: darwin64-arm64-cc
options:  bn(64,64)
compiler: clang -fPIC -arch arm64 -O3 -Wall -DL_ENDIAN -DOPENSSL_PIC -D_REENTRANT -DOPENSSL_BUILDING_OPENSSL -DNDEBUG
OPENSSLDIR: "/opt/homebrew/etc/openssl@3"
ENGINESDIR: "/opt/homebrew/Cellar/openssl@3/3.3.2/lib/engines-3"
MODULESDIR: "/opt/homebrew/Cellar/openssl@3/3.3.2/lib/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_armcap=0x987d

openssl ciphers

TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA

sudo nginx -t

nginx: the configuration file /opt/homebrew/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /opt/homebrew/etc/nginx/nginx.conf test is successful

which -a php-fpm

/opt/homebrew/sbin/php-fpm
/usr/local/sbin/php-fpm

/opt/homebrew/opt/php/sbin/php-fpm -v

PHP 8.3.11 (fpm-fcgi) (built: Aug 27 2024 19:16:34)
Copyright (c) The PHP Group
Zend Engine v4.3.11, Copyright (c) Zend Technologies
    with Zend OPcache v8.3.11, Copyright (c), by Zend Technologies

sudo /opt/homebrew/opt/php/sbin/php-fpm -y /opt/homebrew/etc/php/8.2/php-fpm.conf --test

[24-Sep-2024 13:28:35] NOTICE: configuration file /opt/homebrew/etc/php/8.2/php-fpm.conf test is successful

ls -al ~/Library/LaunchAgents | grep homebrew

-rw-r--r--    1 wt  staff   526 Jul  6  2023 homebrew.mxcl.mariadb.plist
-rw-r--r--@   1 wt  staff   726 Dec 15  2023 homebrew.mxcl.memcached.plist
-rw-r--r--    1 wt  staff   725 Dec 10  2019 homebrew.mxcl.openvpn.plist
-rw-r--r--@   1 wt  staff   789 Sep 24 12:53 homebrew.mxcl.php@8.2.plist
-rw-r--r--@   1 wt  staff   865 Mar 15  2024 homebrew.mxcl.redis.plist

ls -al /Library/LaunchAgents | grep homebrew

ls -al /Library/LaunchDaemons | grep homebrew

-rw-r--r--@  1 root  admin   797 Sep 24 12:51 homebrew.mxcl.dnsmasq.plist
-rw-r--r--@  1 root  admin   685 Sep 24 13:17 homebrew.mxcl.nginx.plist
-rw-r--r--@  1 root  admin   781 Sep 24 12:52 homebrew.mxcl.php.plist
-rw-r--r--@  1 root  admin   789 Sep 24 12:52 homebrew.mxcl.php@7.4.plist
-rw-r--r--@  1 root  admin   789 Sep 24 12:52 homebrew.mxcl.php@8.2.plist

ls -al /Library/LaunchDaemons | grep "com.laravel.valet."

ls -aln /etc/resolv.conf

lrwxr-xr-x  1 0  0  22 Aug  4 11:31 /etc/resolv.conf -> ../var/run/resolv.conf

cat /etc/resolv.conf

#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
#   scutil --dns
#
# SEE ALSO
#   dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
search lan
nameserver 217.169.20.20
nameserver 217.169.20.21

ifconfig lo0

lo0: flags=8049 mtu 16384
    options=1203
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
    nd6 options=201

sh -c 'echo "------\n/opt/homebrew/etc/nginx/valet/valet.conf\n---\n"; cat /opt/homebrew/etc/nginx/valet/valet.conf | grep -n "# valet loopback"; echo "\n------\n"'

------
/opt/homebrew/etc/nginx/valet/valet.conf
---

3:    #listen VALET_LOOPBACK:80; # valet loopback

------

sh -c 'for file in ~/.config/valet/dnsmasq.d/*; do echo "------\n~/.config/valet/dnsmasq.d/$(basename $file)\n---\n"; cat $file; echo "\n------\n"; done'

------
~/.config/valet/dnsmasq.d/tld-test.conf
---

address=/.test/127.0.0.1
listen-address=127.0.0.1

------

sh -c 'for file in ~/.config/valet/nginx/*; do echo "------\n~/.config/valet/nginx/$(basename $file)\n---\n"; cat $file | grep -n "# valet loopback"; echo "\n------\n"; done'

------
~/.config/valet/nginx/acc.test
---

3:    #listen 127.0.0.1:80; # valet loopback
10:    #listen VALET_LOOPBACK:443 ssl; # valet loopback
54:    #listen 127.0.0.1:60; # valet loopback

------

------
~/.config/valet/nginx/adthing.test
---

5:    #listen VALET_LOOPBACK:80; # valet loopback

------

------
~/.config/valet/nginx/care.test
---

4:    #listen 127.0.0.1:80; # valet loopback
11:    #listen VALET_LOOPBACK:443 ssl; # valet loopback
55:    #listen 127.0.0.1:60; # valet loopback

------

------
~/.config/valet/nginx/credobase.test
---

5:    #listen VALET_LOOPBACK:80; # valet loopback

------

------
~/.config/valet/nginx/credocare-portal.test
---

5:    #listen VALET_LOOPBACK:80; # valet loopback

------

------
~/.config/valet/nginx/credocare-public.test
---

3:    #listen 127.0.0.1:80; # valet loopback
10:    #listen VALET_LOOPBACK:443 ssl; # valet loopback
54:    #listen 127.0.0.1:60; # valet loopback

------

------
~/.config/valet/nginx/fastcgi_params
---

------

------
~/.config/valet/nginx/goodwood-fos.test
---

3:    #listen 127.0.0.1:80; # valet loopback
10:    #listen VALET_LOOPBACK:443 ssl; # valet loopback
54:    #listen 127.0.0.1:60; # valet loopback

------

------
~/.config/valet/nginx/goodwood-fosportal.test
---

3:    #listen 127.0.0.1:80; # valet loopback
10:    #listen VALET_LOOPBACK:443 ssl; # valet loopback
54:    #listen 127.0.0.1:60; # valet loopback

------

------
~/.config/valet/nginx/goodwood-mmportal.test
---

3:    #listen 127.0.0.1:80; # valet loopback
10:    #listen VALET_LOOPBACK:443 ssl; # valet loopback
54:    #listen 127.0.0.1:60; # valet loopback

------

------
~/.config/valet/nginx/goodwood-rc.test
---

3:    #listen 127.0.0.1:80; # valet loopback
10:    #listen VALET_LOOPBACK:443 ssl; # valet loopback
54:    #listen 127.0.0.1:60; # valet loopback

------

------
~/.config/valet/nginx/goodwood-revival.test
---

3:    #listen 127.0.0.1:80; # valet loopback
10:    #listen VALET_LOOPBACK:443 ssl; # valet loopback
54:    #listen 127.0.0.1:60; # valet loopback

------

------
~/.config/valet/nginx/goodwood-revportal.test
---

3:    #listen 127.0.0.1:80; # valet loopback
10:    #listen VALET_LOOPBACK:443 ssl; # valet loopback
54:    #listen 127.0.0.1:60; # valet loopback

------

------
~/.config/valet/nginx/kimai.test
---

3:    #listen 127.0.0.1:80; # valet loopback
10:    #listen VALET_LOOPBACK:443 ssl; # valet loopback
54:    #listen 127.0.0.1:60; # valet loopback

------

------
~/.config/valet/nginx/startnew.test
---

3:    #listen 127.0.0.1:80; # valet loopback
10:    #listen VALET_LOOPBACK:443 ssl; # valet loopback
54:    #listen 127.0.0.1:60; # valet loopback

------

[poutena]

@wturrell I was having the same issue, and the solutions discussed on #1487 didn't help me either. Reinstalling Valet did fix it, though, just in case you haven't tried it yet.

[dev]

Same issues here since upgrading to Valet v4!

[dev]

Fixed by running following commands:

rm ~/.config/valet/CA/*
valet install

[adrum]

There is no command currently to renew the self-signed Certificate Authority cert. If you ran valet install prior to version v2.18.1 (fix), you will likely run into this issue after upgrading to v4.7.0 or later. The CA back then had a validity of 368 days. Running valet install on a machine after that version will generate a valid CA for 20 years.

I'll take a look at adding a way to renew the CA cert automatically if it's expired. Although, it's should be an increasingly less common scenario, it will likely hit people who have had Valet installed a few years (or just running an outdated version for awhile).