Auto SSL certs

[shreyasminocha]

typicode#309 and typicode#346. This would be really great.

[jeansaad]

I have gone down the road of SSL certs using mkcert but I have found issues with certain browsers (ahem Safari), that are a bit finicky.

I personally would love to have automated certificates with an ACME server, but need to find a way to cleanly integrate this. This means that there would be a root Chalet certificate and autogenerated certificates for each subdomain in chalet. Open to ideas and help on this!

[leeovery]

I have been using this little snippet for ages now. Never had any issues. I use .box as my tld. If yours is different just adjust accordingly in 2 places. It uses mkcert which is installed via Homebrew.

ls ~/.chalet/servers | sed -E 's/\.json/.box/g' | tr '\n' ' ' | xargs mkcert -key-file ~/.chalet/key.pem -cert-file ~/.chalet/cert.pem 'localhost' '127.0.0.1' '0.0.0.0' 'chalet.box'

I actually have it setup as an alias in my system:

alias make_local_ssl="ls ~/.chalet/servers | sed -E 's/\.json/.box/g' | tr '\n' ' ' | xargs mkcert -key-file ~/.chalet/key.pem -cert-file ~/.chalet/cert.pem 'localhost' '127.0.0.1' '0.0.0.0' 'chalet.box'"

[melalj]

Thanks @leeovery
I tried to install mkcert and your snippet (I ran mkcert -install after).

alias make_local_ssl="ls ~/.chalet/servers | sed -E 's/\.json/.test/g' | tr '\n' ' ' | xargs mkcert -key-file ~/.chalet/key.pem -cert-file ~/.chalet/cert.pem 'localhost' '127.0.0.1' '0.0.0.0' 'chalet.test'"

But I still have issues with the SSL on Brave:

[pascalpp]

Update: I'm embarrassed to say this was resolved simply by adding my chalet hostnames to /etc/hosts. Didn't realize that was still a thing 😊

previously…

@jeansaad I'm wondering if you ever found a working SSL solution for Safari. Where I'm at:

On my old work computer:

• I have a working chalet setup using minica for SSL and am able to view chalet hosts on Chrome, Firefox, and Safari.
• Some time last year I replaced my chalet minica certs with mkcert certs and everything is still working fine.
• I'm switching jobs so I have to surrender this working computer at the end of the month. I'm trying to replicate this setup on my new work computer.

On my new work computer:

• I've got chalet setup with mkcert, and am able to view chalet hosts in Chrome and Firefox (partly thanks to this guide https://web.dev/articles/how-to-use-local-https)
• But Safari refuses to load my chalet hosts. It just shows a partial progress bar indefinitely, with no error page or any sort of diagnostic info:

There's also nothing in my app server logs, and no new logs in chalet's daemon.log after its initial start up logs (tested this by moving the old log aside and restarting chalet with a fresh log). So looks like Safari isn't even reaching chalet, and I'm kinda stumped how to figure out what the blocker is. So if you have any pointers on debugging this, I'd love to hear em. (Obviously not your problem so feel free to just say 'good luck with that buddy', haha.)