Sites not accessible: NET::ERR_CERT_REVOKED

This was working as of Friday. I’m on Local Lightning 5.2.3.

I’m getting this error on all sites with SSL installed (even one I just trusted a moment ago):

Here are the details shown when I click into the cert:

This results in simply not being able to access the site at all. Unlike the SSL invalid error, this one can’t be bypassed, so far as I can tell.

Oh, I should note that I’m on Mac, running Catalina 10.15.2.

Have you clicked to trust the cert in Local’s site settings under the SSL tab?

Yes, the site is trusted.

The only other thing I can think of from my own experience and current issues with application is to ask if you are trying to use a subdomain including “www”. I am able to get it to go to https://domain.local, but not https://www.domain.local or any other subdomain unfortunately. 3.x created wildcard certs. 5.x is not doing that for me so far on Mac.

No, we’re not doing that, and in fact we’re seeing this on both new sites and sites that already were working properly the other day (they were running over https previously).

Unfortunately, for the moment, this has made Local unworkable for me without manually moving a site and all components of the site over to http (individual images also fail to load over https, for the same reason).

UPDATE: This appears to be a somewhat Chrome-specific issue (the site loads in FireFox, but does not load in Safari, though Safari does give me a way to trust the certificate regardless).

There’s a perhaps related thread on this:
https://support.google.com/chrome/thread/14551925?hl=en

Which suggests that perhaps the self-signed certs aren’t meeting a new requirement from Nov. 2019 that they should. Anyway, long term this is going to be a significant inconvenience. If someone could let me know what you think is happening or ask for more information, I’d love to send anything I can to help troubleshoot this.

Anyone watching these from the Local team?

This issue is ongoing, but I’ve noticed something else odd. When I attempt to use MigrateDB Pro through CLI, the connection fails. It works fine through the site backend, but not through CLI. Not sure if it’s related, but it’s across all sites and the timing is the same.

Any thoughts?

I found a pretty nuts workaround for this, but it does work.

While on the page, simply type (not into the url bar, just with the page in general selected) – type thisisunsafe

When you do that, the page reloads, and it will load both the page and images, etc. even if they’re loading over in insecure connection. So, while I do think there’s something wrong here, this gets me where I need to be for the moment, at any rate.

1 Like

Just bumping this. Is there anyone from the Local team who’d like to respond?

Been having the same issue, making local unusable for me at this point.

Supports been a joke, do the local team even monitor these forums?

I’m not experiencing the same problem (I’m not yet running Catalina), but just a thought: If you open the Keychain Assistant application on your mac, do you see the certificate in there?

I’m wondering if perhaps Local is having problems adding the certificate to Keychain Assistant on Catalina and/or trusting the certificate after copying it there. Behind the scenes that is what Local does to trust certificates.

On MAMP I had to do this manually for every site I created, and here are instructions for how to do that: https://css-tricks.com/getting-around-revoked-certificate-osx/

I’d looked through this article, actually, when I’d posted the ticket, and just took a second look. There’s a cert that’s been added for a site that I just added a moment ago. The expiration is in the future, and it says “trusted” everywhere. However, I still see the “Cert Revoked” error when I actually try to load the site over https.

Here are the details:

With some great help from @redblue, we’ve possibly made a bit of a breakthrough on this one. The vast majority of Local users, even those using Mac OS Catalina, haven’t been running into the certificate revocation issue in the latest versions of Local but a few still are and we want to try to make some headway for those folks that have been running into this.

@redblue was able to send us over the .cer file that was being revoked in Chrome. From there we were able to spot that Avast was being injected into the Certificate’s Common Name and Organization fields for the Issuer. This was breaking the certificate from the point it was even issued and no amount of overriding it through Keychain exceptions made any difference.

When we identified this, he noted that Avast has been installed on his computer for quite some time but only recently did this problem arise. We had created a certificate that did not have this information, which didn’t work out of the gate but @redblue responded with this:

In the meantime, I went ahead and replaced the linewise.local cert with the one attached. Unfortunately, that doesn’t seem to have had any effect. But THEN, I deleted that cert and regenerated one through Local, which did actually work – first time in about a month that a cert for a local site has been valid. I realize this probably raises more questions than answers, but this is something I’ve tried before as well.

We don’t have a complete solution yet but we would like to try to explore this particular avenue with other folks that are still being affected with the certificate issues in Local (after installing the latest version).

If you are still experiencing this issue, please check to see if you have any Antivirus/Firewall software running, temporarily close/disable them and try to remove/re-issue a certificate within Local. If you still have problems, would you be able to manually inspect your certificates or upload it?

1 Like

Just in case it’s helpful (and I’m not sure if it had any effect), but on my machine, I also made one other change, unchecking the two unchecked boxes in the Avast preferences.

Thanks so much to @mattwhosthat for your diligence in looking into this!

Hi all,

After @mattwhosthat discovery, i looked at my certificates and have noticed that i am experiencing the same issue, but i have AVG installed on my machine and not AVAST.

Same issue here using multisites. I had to downgrade to 3.x to keep working.

I’m running Linux without antivirus software and I’m also seeing invalid SSL certs in Chrome so I know that’s not the cause of my problems.

My issue is documented here. And I’ve seen 2 other people with similar problems here and here. I really hope that support eventually responds to these problems.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.