I recently dedicated one PC on my home LAN as a Chrome 7 development server for migration of a Drupal 6 production website and find that the Chrome browser on my desktop cannot access the development website using either http or https and I think it may have something to do with HSTS and the server's self-signed certificate.
The server is named ASW.DEV and has a static IP LAN address which was added to my desktop's hosts file in Windows 7. I can access the website using IE and firefox browsers, and from chrome on my laptop, but not from the chrome browser on my desktop. When I navigate to ASW.DEV from my desktop, chrome gives me the following Privacy Error
and when I click on Advanced, the diagnostic message includes "You cannot visit asw.dev right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later." I do not see that HSTS is invoked anywhere in my Apache or SSL configuration, but when I check the Chrome browser's internal site settings with "chrome://net-internals/#hsts", I see that asw.dev and http://www.asw.dev are both set to https only.
Unfortunately entering either form of asw.dev in Chrome's "Delete domain security policies" does nothing. I checked to see if either domains might be in Google's "preloaded" list and they do not seem to be. So my conclusion is that something in my Desktop version of Chrome (Version 63.0.3239.40 (Official Build) beta 64-bit) is causing this problem and there are 3 options, each of which I tried without success:
1 - Remove HSTS restriction from Chrome (Doesn't work)
2 - Get Apache to serve valid https (Gives certificate error)
3 - Rebuild/reset the website's Self-Signed Certificate for https (Also gives certificate error)
4 - Rename the development website to get around the problem (Haven't done this yet)
If anyone has any ideas on how to correct this problem, I sure would appreciate the guidance. Thanks.
Chrome can't access local website with http or https - Is HSTS the problem?
Re: Chrome can't access local website with http or https - Is HSTS the problem?
This looks like a question that would be better addressed to a forum devoted to chrome, especially since it's something we don't ship at all.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Chrome can't access local website with http or https - Is HSTS the problem?
Thanks for the quick reply, Trevor. With regard to options 2 and 3, can you suggest a reference for resetting the default SSL certificates for localhost under Centos 7, creating SSL certificates under Centos 7, or the best Chrome forum to post this question? Thanks.
Re: Chrome can't access local website with http or https - Is HSTS the problem?
https://ma.ttias.be/chrome-force-dev-do ... aded-hsts/
Because .dev is a valid top level domain, your best option (at least in the longer term) is to use some other top level domain than .dev. I'd suggest not postponing the inevitable -- rename the domain now.
Because .dev is a valid top level domain, your best option (at least in the longer term) is to use some other top level domain than .dev. I'd suggest not postponing the inevitable -- rename the domain now.
Re: Chrome can't access local website with http or https - Is HSTS the problem?
Thanks, avij. Not exactly the news I wanted to hear, but I will try changing the site name to 'asw.test' and see if chrome behaves better.
Re: Chrome can't access local website with http or https - Is HSTS the problem?
RFC2606 (Reserved Top Level DNS Names) defines names you can use for testing. See http://www.ietf.org/rfc/rfc2606.txt