dockerfiles icon indicating copy to clipboard operation
dockerfiles copied to clipboard
verified publisher icon continuouspipe

SSL Issues

Open davidianbonner opened this issue 8 years ago • 2 comments

In the past week I've recently started to run into issues with the self signed SSL certificates.

When visiting my-domain.local (moved from .dev), Google, Firefox and Safari now warn that the domain is not secure and throw the following errors:

  • Subject Alternative Name missing
  • Certificate error – There are issues with the site's certificate chain (net::ERR_CERT_AUTHORITY_INVALID)

Looking to rule out if this is an image issue or a machine issue. Has anyone came across this issue out of the blue?

davidianbonner avatar Jan 07 '18 03:01 davidianbonner

Hi @davidianbonner, are you setting the environment variable WEB_HOST to my-domain.local or is it still my-domain.dev?

The cert authority error is expected but the subject alternative name missing is not and generally is when the Common Name (CN) in the certificate subject doesn't match the domain being visited ( https://github.com/continuouspipe/dockerfiles/blob/master/php/shared/usr/local/share/php/webserver_functions.sh#L25 ).

If it's set correctly could you let us know the docker image being used?

kierenevans avatar Jan 07 '18 14:01 kierenevans

Hi @kierenevans thanks for your response.

Yes, WEB_HOST is set to my-domain.local as well.

Could it be related to Common Name usage being deprecated from Chrome 65 (haven't looked into other browsers yet) – https://support.google.com/chrome/a/answer/7391219?hl=en. Currently using 63 though.

ssl

I am using quay.io/continuouspipe/php7.1-nginx:stable.

Cheers.

davidianbonner avatar Jan 07 '18 22:01 davidianbonner