Google Chrome localhost | NET::ERR_CERT_AUTHORITY_INVALID
Navigate to
chrome://flags/#allow-insecure-localhost
and set this to enabled.
After playing around, I came up with one kind of a solution.
First, lets talk about the problem: the cause of this error is that both of us used a .dev
domain for our local development. If you go here you will find out that root .dev
domain is owned by Google and applying HSTS in Chrome they enforce https-redirect for this domain. Since we use .dev
domains, we get redirected to https version and at the same time we don't have any actual certificates installed. So, we see this annoying error. If you go to chrome://net-internals/#hsts
you can check your .dev
domain and you will actually find out that
static_sts_domain: dev
static_upgrade_mode: FORCE_HTTPS
static_sts_include_subdomains: true
which confirms that HSTS is enforced on *.dev
indeed. The policy type is static and, as I understand, it's kind of hard-coded to https-redirect .dev
domains.
So, there are at least 2 ways - get and set up an actual certificate somehow or just use another (not .dev
) root domain in httpd-vhosts.conf for your local development (also don't forget to update /etc/hosts
and launch apache again). I went another root domain route and it solved this issue.
This is really annoying to deal with, but mapping the local website to something other than .dev
(I personally use .devo
) does work and fixes the problem in chrome. Also, you can add an exception for the page in Mozilla Firefox and not deal with this at all. It's only a problem on Chrome 63+