Homestead: Google Chrome Privacy Error
Please note that the Homestead issue tracker is reserved for bug reports and enhancements. We are not always able to debug Vagrant, Provider or Operating System issues, but will do our best to help. Thank you!
Versions
- Vagrant: Run
vagrant -vto show the version.
2.0.1 - Provider: Virtualbox, VMWare or Parallels and its version.
5.2 - Homestead: Run
homestead --versionto show the version.
when typing into terminal I get: homestead' is not recognized as an internal or external command,
But I updated to the latest version today (5x?)
==> homestead-7: Checking if box 'laravel/homestead' is up to date...
A lot of issues can be resolved by simply updating vagrant, provider or homestead.
Note: Virtualbox users, please upgrade to
~5.2. You will show as up-to-date from the~5.0version when youAbout -> Check for Updates. You'll need to download a newer version of Virtualbox.
Host operating system
This is the operating system that you run locally.
Win10
## Homestead.yaml
Copy-paste your Homestead.yaml here
ip: "192.168.10.10"
memory: 2048
cpus: 1
provider: virtualbox
authorize: ~/.ssh/id_rsa.pub
keys:
- ~/.ssh/id_rsa
folders:
- map: G:/Dropbox/PhpStorm Projects/elasticstage
to: /home/vagrant/elasticstage
- map: G:/Dropbox/PhpStorm Projects/mix_test
to: /home/vagrant/mix_test
- map: G:/Dropbox/PhpStorm Projects/phpMyAdmin
to: /home/vagrant/phpMyAdmin
sites:
- map: homestead.app
to: /home/vagrant/mix_test/public
- map: elastic.app
to: /home/vagrant/elasticstage/public
schedule: true
- map: phpmyadmin.app
to: /home/vagrant/phpMyAdmin
databases:
- homestead
# blackfire:
# - id: foo
# token: bar
# client-id: foo
# client-token: bar
# ports:
# - send: 50000
# to: 5000
# - send: 7777
# to: 777
# protocol: udp
Expected behavior
What should have happened? Please include as much detail as possible.
want to see "https://elastic.app/"
Actual behavior
What actually happened? Please include as much detail as possible.
Get this (blow) and I'm unable to see website. Totally stuck!
Happened when I came in today. Maybe a Google Chrome update?
Was working fine for months before.
Your connection is not private
Attackers might be trying to steal your information from elastic.app (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
Automatically send some system information and page content to Google to help detect dangerous apps and sites. Privacy policy
ReloadHIDE ADVANCED
elastic.app normally uses encryption to protect your information. When Google Chrome tried to connect to elastic.app this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be elastic.app, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.
You cannot visit elastic.app right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
elastisteve
All 26 comments
Try changing your sites to use .test instead of .app. This sounds like #754
svpernova09
on 7 Dec 2017
Thanks. That did work.
elastisteve
on 7 Dec 2017
It did not work for me. I tried both, .test and .dev 😕
popstheman
on 12 Dec 2017
Neither .test nor .dev are fixing this issue for me.
hounslow
on 12 Dec 2017
make sure you have changed your Homestead.yaml files to use .test then vagrant destroy && vagrant up. If it does not work then, please open a new issue and fill out all the information.
svpernova09
on 12 Dec 2017
It didn't work for me too. Help me!!!
edit: I found it. If your are Mac User, try .test instead of .dev
source: https://github.com/laravel/homestead/pull/697
stepbirt
on 13 Dec 2017
https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/
The .dev domains work fine in FireFox, though. As I see it, I will just switch to another TLD for local development (.test, .local).
HristoAntov
on 13 Dec 2017
Thanks for the link @HristoAntov. Seems Chrome now forces .dev as well as .app domains to use strict HTTPS. Pretty strange update if you ask me, but at least there's a fairly easy workaround.
Anyone know if there are any other TLDs Chrome is doing this with now?
slightlyfaulty
on 13 Dec 2017
Changing all domains to .test and running vagrant reload --provision did the trick.
Ravaelles
on 14 Dec 2017
I am having the same issue. Changing the domain name did not work for me. I changed the name in /etc/hosts and in homestead.yaml and did vagrant destroy/vagrant up and vagrant reload --provision. I even reinstalled homestead, vagrantbox and wamp. Nothing has fixed it yet!
petermirmo
on 16 Dec 2017
Another tip that came up from ma.ttias.be blog's comments (Previously shared here by @HristoAntov):
hintss: Link to comment
protip: you can type “badidea” at the https error screen to skip it, avoid using the mouse
It worked for me, and yes it also bypasses the HSTS-warning. (Chrome, Chromium)
I have changed my hostname to eg. _project.vagrant_ though, for convenience (with a manually allowed cert). Imho HSTS itself should stay, but we should have an option to skip, I'm fine with this one.
(Note that .vagrant is not a valid tld. As mentioned by @seouncloaked below, you'd need to use an existing tld for Oauth-testing etc. - maybe _.app_?)
--
Note:
I guess that Homestead _does_ provide a https connection out of the box. This might not always be the case with other boxes, environments or set-ups. HSTS forces (certain?) tld's to go through https, like .dev - so this might not be your final-solution and you would end up changing the hostname anyway if you don't set up ssl (valid or not).
xewl
on 17 Dec 2017
Seems that it only works without https. Did anyone succeed using https?
http://homestead.test works fine.
https://homestead.test does not work.
dorinniscu
on 18 Dec 2017
hi guys, i dont need this ssl thing, how can i turn it off by default?
natsu90
on 19 Dec 2017
@natsu90 you cannot. Chrome forces something called HSTS on these specific TLDs. Switch to an approved TLD (.test is the suggestion) to avoid this issue.
@dorin-niscu http://homestead.test will work because Chrome does not force HSTS for it. https://homestead.test should work, we automatically configure HTTPS with Homestead sites. However, since the self signed certificate is not automatically trusted by the browser you will either need to add it to your computer's trusted certs, or just click the proceed with caution button in chrome.
browner12
on 19 Dec 2017
@browner12 It worked fine until this weekend (I know about the browser updates). I accepted the certificate warning when I was asked and redirected to ERR_EMPTY_RESPONSE page. I also manually imported the certificate into Chrome just to make sure. It works fine on XAMPP on Windows 10.
dorinniscu
on 19 Dec 2017
The bigger problem though with forcing homestead over to .test is that Google callback urls require a legit TLD. So .dev allows you to test your Google Socialite accounts locally. .test will not...
seouncloaked
on 19 Dec 2017
Very helpful link to solve the issue.
Using self-signed SSL certificates with Postman
Just follow steps.
ShivarajRH
on 1 Jan 2018
chrome has problem with , app and dev extensions it redirects to https url automatically , you should change all to something else , .test is ok , .xzxz , .abc ...
change in yaml file , change in etc/host file , then learn the ID of your VM with vagrant global-status ,
while vagrant is running , command vagrant provision id-of-your-VM
than vagrant reload
ulaskorpe
on 8 Jan 2018
After making the changes in Homestead.yaml and /etc/hosts, one can also do vagrant halt && vagrant up --provision. That way the vm doesn't have to be destroyed.
Roemerb
on 13 Jan 2018
Hello there! I keep having the problem where after having "lsapp.test" in my .yaml file, ets/hosts file, provisioning it with the id then reloading it keep getting:
Your connection is not private!
Attackers might be trying to steal your information from lsapp.test (for example, passwords, messages, or credit cards).
Learn more
NET::ERR_CERT_AUTHORITY_INVALID
I don't knwo what else do i have to change to get rid of this. I tried using mozilla firefox and i get the same exact message.
My homestead.yaml
ip: "192.168.10.10"
memory: 2048
cpus: 2
provider: virtualbox
authorize: ~/.ssh/id_rsa.pub
keys:
- ~/.ssh/id_rsa
folders:
- map: C:WebDevlaravel-sites
to: /home/vagrant/laravel-sites
sites:
- map: lsapp.test
to: /home/vagrant/laravel-sites/lsapp/public
databases:
- homestead
blackfire:
- id: foo
token: bar
client-id: foo
client-token: bar
ports:
- send: 50000
to: 5000
- send: 7777
to: 777
protocol: udp
The line i added to the host
192.168.10.10 lsapp.test
(i also tried doing)
127.0.0.1 lsapp.test
And always get the same issue....
buzzingcookie
on 17 Feb 2018
Change to .test or .app and then reload page in incognito window. It works for me.
hoanglam1203
on 26 Feb 2018
Could you provide an information on startup or somewhere else?
The official documentation always recommended .app, so it would be useful to check on startup if an official TLD is used and therefore getting blocked by current browsers.
mpathy
on 26 Jun 2018
I was facing the same issue, but I fixed it just by:
- Checking all the typos
- Run "vagrant provision"
mestre-c
on 27 Jun 2018
It didn't work for me too. Help me!!!
edit: I found it. If your are Mac User, try
.testinstead of.dev
source: #697
worked for me
mvhk
on 28 Sep 2019
May not be the easiest way but this seems to be the way to sort my problems
https://www.eaglepeakweb.com/blog/how-to-enable-ssl-https-tls-laravel-homestead
minasm
on 16 Oct 2019
Change your sites in Homestead.yaml to .test instead of .app
Also make sure to go to C:\WindowsSystem32driversetc and change hosts file by adding .test instead of .app
Then if you're using Chrome, open incognito mode and then try it. Worked for me on Windows!
jawadchughtai6
on 26 Oct 2019
Related issues
dorinniscu
·
4Comments
alexdover
·
4Comments
cschoeni
·
4Comments
mtpultz
·
4Comments
gormus
·
4Comments
Most helpful comment
Try changing your sites to use
.testinstead of.app. This sounds like #754