SSL Certificate and ServBay CA Troubleshooting
This document provides solutions for common SSL certificate and ServBay CA issues encountered in the ServBay local development environment.
Why does my browser say the SSL certificate is untrusted?
When you try to access a local website hosted by ServBay in your browser, if you see warnings such as the following, it usually indicates a problem with the SSL certificate configuration:
- Chrome / Edge:
Your connection is not private
- Error code
NET::ERR_CERT_AUTHORITY_INVALID
- Error code
NET::ERR_CERT_COMMON_NAME_INVALID
(less common, but may appear if the certificate does not match the domain)
- Firefox:
Warning: Potential Security Risk Ahead
- After clicking "Advanced," you may see error code
SEC_ERROR_UNKNOWN_ISSUER
- Error code
SSL_ERROR_BAD_CERT_DOMAIN
(if the certificate does not match the domain)
- Safari:
This Connection Is Not Private
Safari can't verify the identity of the website "your-domain.test"
The main reason for this issue is that the ServBay User CA
and ServBay Public CA
have not been properly installed and trusted. This may be due to:
- The ServBay root certificate not being added to the system's trust list.
- You previously used the same domain name (such as
myapp.test
) in other local development environments (like MAMP or Laravel Herd). Certificates from these tools may conflict with ServBay's certificates, or their own certificate system may have issues, causing your browser to cache incorrect trust info or certificates.
Solutions
Follow these steps:
- Open ServBay
- Navigate to Settings and locate the ServBay Root CA section.
- Click Reinstall ServBay Root CA. ServBay will attempt to automatically resolve root certificate installation and trust issues.
- Completely close and reopen your browser (make sure all windows and processes are shut down to clear cached SSL state).
- Revisit your website. The SSL certificate errors should now be resolved.
If the issue persists:
This usually means there are old, conflicting, or invalid certificates on your system, especially if you previously used other tools (such as MAMP or Herd) to generate certificates for the same domain name.
- Open your system's certificate management tool:
- macOS: Open the Keychain Access application (find it under "Applications" > "Utilities").
- Windows: Press Win+R, enter
certmgr.msc
, and hit Enter to open the certificate manager.
- In the search box at the top right, enter the domain name causing issues (for example,
myapp.test
). If you're unsure, try searching for keywords likemamp
orherd
to look for related certificate authorities. - At the top, filter by Certificates.
- In the search results, look for all SSL certificates associated with the domain. Pay special attention to the issuer—whether it's
ServBay User CA
,MAMP Development CA
,Laravel Herd CA
, or another similar name. - Select any suspicious certificates associated with your domain, especially those not issued by
ServBay User CA
, and pressDelete
to remove them. You may need to enter your system password to confirm. Operate with care—be sure to only delete certificates related to your local development domains. - (Optional but recommended) In Keychain Access, search for
ServBay User CA
andServBay Public CA
again to ensure those certificates exist and their icons are not marked with a red "x" (indicating mistrust). If they aren't trusted (show a red cross), double-click the certificate, expand the "Trust" section, and set "When using this certificate" to "Always Trust." - Return to the ServBay application.
- Go to Settings -> ServBay Root CA.
- Click Recreate All ServBay User Certificates. This will regenerate new SSL certificates for all sites managed by ServBay.
- Restart your computer. This helps ensure all services and system components reload the latest certificates and trust settings.
- Reopen your browser and try accessing your website again.
By including these common error messages, users can more quickly determine whether their issue is SSL certificate trust-related and go directly to the right solution.
What should I do if an SSL certificate is lost?
While developing local websites with ServBay, you may sometimes encounter situations where the SSL certificate files are accidentally lost. This will prevent your web server (such as Nginx, Caddy, or Apache) from starting or properly loading your site, and error messages related to certificates will appear in logs.
Issue Description
When the SSL certificate files (.crt
and .key
) automatically issued by ServBay for your local site are missing, you may see error messages in your web server's log. These errors typically indicate that the server can't find or read the specified certificate file path.
Here are some common examples:
Nginx error:
log
nginx: [emerg] cannot load certificate "/Applications/ServBay/ssl/private/tls-certs/servb3ay.host/servbay.host.crt": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/Applications/ServBay/ssl/private/tls-certs/servb3ay.host/servbay.host.crt, r) error:10000080:BIO routines::no such file)
nginx: configuration file /Applications/ServBay/package/etc/nginx/nginx.conf test failed
1
2
2
Caddy error:
log
Error: loading http app module: provision http: getting tls app: loading tls app module: provision tls: loading certificates: open /Applications/ServBay/ssl/private/tls-certs/servbay.host/ser3vbay.host.crt: no such file or directory
1
Apache error:
log
AH00526: Syntax error on line 15 of /Applications/ServBay/package/etc/apache/vhosts/servbay.host.conf:
SSLCertificateFile: file '/Applications/ServBay/ssl/pri3vate/tls-certs/servbay.host/servbay.host.crt' does not exist or is empty
1
2
2
The core issue in these messages is the same: the certificate file path specified in the web server configuration is invalid because the file doesn't exist or isn't accessible.
Solution
ServBay provides an easy automatic detection and re-issuance mechanism for SSL certificates automatically issued for your local sites to resolve missing certificate issues.
Follow these steps:
- Launch ServBay app: Make sure the ServBay application is running.
- Navigate to the site list: In ServBay’s left sidebar, click Sites.
- Select the affected site: In the site list, find the local site with the missing SSL certificate and click it.
- Auto detect and reissue: When loading site configuration, ServBay will automatically detect if the necessary SSL certificate files are present. If the certificate is missing (i.e.,
.crt
or.key
files are absent), ServBay will attempt to automatically reissue and deploy new certificate files to the correct location (/Applications/ServBay/ssl/private/tls-certs/your-domain/
). - Restart web server: Once the certificates are successfully regenerated and deployed, you'll need to restart the web server package serving the site (Nginx, Caddy, Apache, etc.) so it loads the new certificates. In the left sidebar, go to the Packages page, find your web server package, and click the restart button beside it (usually a circular arrow icon).
- Verify the fix: After a successful web server restart, try to access your local website over HTTPS in the browser (e.g.,
https://your-domain
). The problem should be resolved and the site should load normally over HTTPS.
Notes
- This solution applies to SSL certificates automatically issued for local sites by ServBay. If you use custom certificates you imported yourself, ServBay won't automatically reissue them if they’re lost—you'll need to manually recover or reimport certificate files.
- ServBay uses the built-in ServBay User CA to issue certificates for local sites so HTTPS works in your local environment. If you still see untrusted certificate warnings in your browser when accessing local HTTPS sites, it may be that ServBay User CA is not trusted by your OS or browser. Please refer to ServBay’s ServBay CA Trust Guide for configuration instructions.
- ServBay provides data backup features, including backups of site configurations and SSL certificates. Regular backups can help you quickly restore data in case of unexpected issues.
Frequently Asked Questions (FAQ)
Q: Why does ServBay automatically issue SSL certificates for local sites?
A: ServBay aims to provide a complete local development environment. To simulate production and make it easier for developers to debug HTTPS applications, ServBay uses its built-in ServBay User CA to automatically issue SSL certificates for your sites, enabling local HTTPS access.
Q: Can I use my own SSL certificates?
A: Yes! ServBay supports importing and using your own SSL certificates (including those obtained via ACME / Let's Encrypt). This troubleshooting guide only covers ServBay auto-generated certificates.
Q: Is reissuing certificates safe?
A: Absolutely. For local development, ServBay reissues certificates signed by ServBay User CA, used only for your local testing. This will not impact your site’s security on the public internet.
Summary
ServBay offers a convenient system for managing SSL certificates in your local development environment. If a site’s auto-generated SSL certificate is accidentally lost, ServBay can automatically detect and reissue the certificate with just a few easy steps, helping you quickly restore normal HTTPS access for your local sites.