SSL Issues

[davidianbonner]

In the past week I've recently started to run into issues with the self signed SSL certificates.

When visiting my-domain.local (moved from .dev), Google, Firefox and Safari now warn that the domain is not secure and throw the following errors:

• Subject Alternative Name missing
• Certificate error – There are issues with the site's certificate chain (net::ERR_CERT_AUTHORITY_INVALID)

Looking to rule out if this is an image issue or a machine issue. Has anyone came across this issue out of the blue?

[kierenevans]

Hi @davidianbonner, are you setting the environment variable WEB_HOST to my-domain.local or is it still my-domain.dev?

The cert authority error is expected but the subject alternative name missing is not and generally is when the Common Name (CN) in the certificate subject doesn't match the domain being visited ( https://github.com/continuouspipe/dockerfiles/blob/master/php/shared/usr/local/share/php/webserver_functions.sh#L25 ).

If it's set correctly could you let us know the docker image being used?

[davidianbonner]

Hi @kierenevans thanks for your response.

Yes, WEB_HOST is set to my-domain.local as well.

Could it be related to Common Name usage being deprecated from Chrome 65 (haven't looked into other browsers yet) – https://support.google.com/chrome/a/answer/7391219?hl=en. Currently using 63 though.

I am using quay.io/continuouspipe/php7.1-nginx:stable.

Cheers.