http-server with self-signed certs and enabling support in Chrome

To test loading a site locally with http-server you need to generate self-signed certs:

openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 -keyout key.pem -out cert.pem

Now start up http-server using the new cert:

http-server -S -C cert.pem -o .

If you attempt to browse https://localhost:8080 though, Chrome will block self-signed certs by default. To allow self-signed certs, enter in your Chrome address bar:

chrome://flags/#allow-insecure-localhost

And then enable the highlighted setting:

Let’s Encrypt certificate expired on older Macs

I have a number of older machines that I use on a regular basis, so I’m no stranger to the struggles of not being able to browse current websites on older machines with older browsers and the typical SSL/TLS support issues that you run into. I was surprised to see this error this week on my 2008 Mac Pro running Mac OS X 10.11 El Capitan and a latest version of Chrome:

Looking at the certificate for any site not loading it looks like the certificate has expired:

I’m not seeing this on my other later/current machines though, so clearly something on these older machines is no longer getting updates. Browsing around a few other sites and seeing the same issue on many sites so it was not just limited to a single site, so I realized something else was going on. Some Googling found this article:

Following the steps to download the updated certificate from LetsEncrypt and install it into Keychain did the job.

SSL certs upgraded, Docker images upgraded, ready to go!

I had to renew my SSL certs for this site, so while doing so I upgraded and addressed a few other issues.

First, apparently when I deployed the SSL certs last time I missed out some of the root certs in the chain. The vendor I used gives you each of the root certs individually and you need to manually concatenate them together yourself. More in another post on the steps I too to do this.

Since certs are part of my nginx Docker image, I rebuilt my image upgrading everything to latest versions. Since it was a also a couple of years since I last did this, I also had to go back through my posts here to work out the steps I took to deploy last time. I’ll post another update on the steps I took for this also later.

nginx ssl cert error:

When you concatenated your SSL .crt intermediate and root certs together, it’s likely you ended up with lines line this:

—–END CERTIFICATE———-BEGIN CERTIFICATE—–

To fix this, manually edit to insert a newline between the end and begin like this, and you should be all set:

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----