My domain is: kvb.192.168.1.102.xip.io
My web server is (include version): nginx/1.13.6
The operating system my web server runs on is (include version): My machine is Windows 10 running Laravel Homestead (Vagrant), which uses Ubuntu 16.04.4 LTS
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
How to get “green lock” SSL certificate on local environment?
How do you get the green lock locally? The best option: Generate your own certificate, either self-signed or signed by a local root, and trust it in your operating system’s trust store. Then use that certificate in your local web server. See below for details. If you want a little more realism in your development certificates, you can use minica to generate your own local root certificate, and issue end-entity (aka leaf) certificates signed by it. You would then import the root certificate rather than a self-signed end-entity certificate.
So I installed Minica, used it to create a certificate, set up my local Homestead server to use that certificate, and trusted the certificate in Windows:
Unfortunately, I still get this error:
This page is not secure (broken HTTPS).
Certificate - missing
This site is missing a valid, trusted certificate (net::ERR_CERT_AUTHORITY_INVALID).
Here are the details. I ran:
homestead.bat ssh sudo apt-get install golang-go mkdir ~/go_work (probably not even necessary because it will get created automatically later because we will set GOPATH to this) sudo vim ~/.profile add this line: export GOPATH=$HOME/go_work source ~/.profile go get github.com/jsha/minica mkdir ~/go_work/minica_work cd ~/go_work/minica_work ~/go_work/bin/minica -domains kvb.192.168.1.102.xip.io cp -r ~/go_work/minica_work/ ~/Code/katievb-laravel
Then open Windows Command Prompt as admin.
cd c:\code\katievb-laravel certutil -addstore -enterprise -f "Root" minica_work/kvb.192.168.1.102.xip.io/cert.pem
- Windows search > Manage computer certificates
- Trusted Root Certification Authorities > Certificates > kvb.192.168.1.102.xip.io > Open > Details > Copy to File > Next > .DER > C:\code\katievb-laravel\kvb.192.168.1.102.xip.io.der.cer
homestead.bat ssh sudo mkdir /etc/nginx/ssl/minica sudo cp go_work/minica_work/kvb.192.168.1.102.xip.io/cert.pem /etc/nginx/ssl/minica/kvb.192.168.1.102.xip.io.crt sudo cp go_work/minica_work/kvb.192.168.1.102.xip.io/key.pem /etc/nginx/ssl/minica/kvb.192.168.1.102.xip.io.key sudo vim /etc/nginx/sites-enabled/kvb.192.168.1.102.xip.io
Replace these 2 lines:
ssl_certificate /etc/nginx/ssl/kvb.192.168.1.102.xip.io.crt; ssl_certificate_key /etc/nginx/ssl/kvb.192.168.1.102.xip.io.key;
ssl_certificate /etc/nginx/ssl/minica/kvb.192.168.1.102.xip.io.crt; ssl_certificate_key /etc/nginx/ssl/minica/kvb.192.168.1.102.xip.io.key;
sudo service php7.2-fpm restart sudo service nginx stop sudo service nginx start
Then restart Chrome.
Is it possible to use Let’s Encrypt in the way that I’m hoping? I use the free xip.io service so that my local site URL is kvb.192.168.1.102.xip.io (which I can then test via my desktop and mobile on my LAN), and I want it to be fully trusted by my browsers (with a green lock).
What are my options? Thanks.
My question is also written here (with a bounty): https://stackoverflow.com/q/48969083/470749