My domain is: kvb.192.168.1.102.xip.io
My web server is (include version): nginx/1.13.6
The operating system my web server runs on is (include version): My machine is Windows 10 running Laravel Homestead (Vagrant), which uses Ubuntu 16.04.4 LTS
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
How to get "green lock" SSL certificate on local environment?
Certificates for localhost - Let's Encrypt says:
How do you get the green lock locally? The best option: Generate your own certificate, either self-signed or signed by a local root, and trust it in your operating system’s trust store. Then use that certificate in your local web server. See below for details. If you want a little more realism in your development certificates, you can use minica to generate your own local root certificate, and issue end-entity (aka leaf) certificates signed by it. You would then import the root certificate rather than a self-signed end-entity certificate.
So I installed Minica, used it to create a certificate, set up my local Homestead server to use that certificate, and trusted the certificate in Windows:
Unfortunately, I still get this error:
This page is not secure (broken HTTPS).
Certificate - missing
This site is missing a valid, trusted certificate (net::ERR_CERT_AUTHORITY_INVALID).
Here are the details. I ran:
homestead.bat ssh
sudo apt-get install golang-go
mkdir ~/go_work (probably not even necessary because it will get created automatically later because we will set GOPATH to this)
sudo vim ~/.profile
add this line: export GOPATH=$HOME/go_work
source ~/.profile
go get github.com/jsha/minica
mkdir ~/go_work/minica_work
cd ~/go_work/minica_work
~/go_work/bin/minica -domains kvb.192.168.1.102.xip.io
cp -r ~/go_work/minica_work/ ~/Code/katievb-laravel
Then open Windows Command Prompt as admin.
cd c:\code\katievb-laravel
certutil -addstore -enterprise -f "Root" minica_work/kvb.192.168.1.102.xip.io/cert.pem
- Windows search > Manage computer certificates
- Trusted Root Certification Authorities > Certificates > kvb.192.168.1.102.xip.io > Open > Details > Copy to File > Next > .DER > C:\code\katievb-laravel\kvb.192.168.1.102.xip.io.der.cer
homestead.bat ssh
sudo mkdir /etc/nginx/ssl/minica
sudo cp go_work/minica_work/kvb.192.168.1.102.xip.io/cert.pem /etc/nginx/ssl/minica/kvb.192.168.1.102.xip.io.crt
sudo cp go_work/minica_work/kvb.192.168.1.102.xip.io/key.pem /etc/nginx/ssl/minica/kvb.192.168.1.102.xip.io.key
sudo vim /etc/nginx/sites-enabled/kvb.192.168.1.102.xip.io
Replace these 2 lines:
ssl_certificate /etc/nginx/ssl/kvb.192.168.1.102.xip.io.crt;
ssl_certificate_key /etc/nginx/ssl/kvb.192.168.1.102.xip.io.key;
With:
ssl_certificate /etc/nginx/ssl/minica/kvb.192.168.1.102.xip.io.crt;
ssl_certificate_key /etc/nginx/ssl/minica/kvb.192.168.1.102.xip.io.key;
Then
sudo service php7.2-fpm restart
sudo service nginx stop
sudo service nginx start
Then restart Chrome.
Is it possible to use Let's Encrypt in the way that I'm hoping? I use the free xip.io service so that my local site URL is kvb.192.168.1.102.xip.io (which I can then test via my desktop and mobile on my LAN), and I want it to be fully trusted by my browsers (with a green lock).
What are my options? Thanks.
My question is also written here (with a bounty): ssl - How to get https certificate working on local Laravel Homestead site - Stack Overflow