SSL Certificate and ServBay CA Troubleshooting

This document provides solutions to common issues and troubleshooting steps regarding SSL certificates and the ServBay CA in the ServBay local development environment.

Why does my browser say the SSL certificate is not trusted?

When you try to access a local website hosted by ServBay in your browser and see warnings like those below, it usually means there’s an issue with your SSL certificate configuration:

• Chrome / Edge:
  • Your connection is not private
  • Error code NET::ERR_CERT_AUTHORITY_INVALID
  • Error code NET::ERR_CERT_COMMON_NAME_INVALID (less common, but appears if the certificate doesn’t match the domain)
• Firefox:
  • Warning: Potential Security Risk Ahead
  • After clicking "Advanced," you might see error code SEC_ERROR_UNKNOWN_ISSUER
  • Error code SSL_ERROR_BAD_CERT_DOMAIN (if domain and certificate don’t match)
• Safari:
  • This Connection Is Not Private
  • Safari can't verify the identity of the website "your-domain.test"

The main reason for this issue is that the ServBay User CA and ServBay Public CA haven’t been properly installed and trusted. The cause may be:

1. The ServBay root certificate wasn’t added to your system’s trust store.
2. You previously used the same domain name (e.g., myapp.test) in another local development environment (like MAMP or Laravel Herd), causing their certificates to conflict with ServBay’s, or their own certificate system had issues resulting in your browser caching the wrong trust information or certificates.

Solution

Please follow these steps:

1. Open ServBay
2. Navigate to Settings and find the ServBay Root CA section.
3. Click Reinstall ServBay Root CA. ServBay will attempt to automatically repair the installation and trust of the root certificate.
4. Completely close and reopen your browser (make sure all browser windows and processes are closed to clear cached SSL state).
5. Revisit your website. The SSL certificate errors should be resolved.

If the problem persists:

This usually means there are old, conflicting, or invalid certificates on your system—especially if you previously generated certificates for the same domain name using other tools (such as MAMP or Herd).

1. Open macOS Keychain Access (found in "Applications" > "Utilities").
2. In the search bar at the top right, enter the problem domain name (e.g., myapp.test). If you’re unsure, search for keywords such as mamp or herd to find related Certificate Authorities.
3. At the top, filter by Certificates.
4. From the search results, locate all SSL certificates related to your domain. Pay close attention to the Issuer—look for ServBay User CA, MAMP Development CA, Laravel Herd CA, or similarly named issuers.
5. Select all certificates related to the problem domain (especially those not issued by ServBay User CA or that look suspicious), then press the Delete key to remove them. You may need to enter your system password for confirmation. Please proceed carefully and ensure you only delete certificates related to your local development domains.
6. (Optional but recommended) In Keychain Access, search for ServBay User CA and ServBay Public CA again. Make sure these certificates exist and that their icons do not have a red “x” (which indicates they’re untrusted). If you see a red “x,” double-click the certificate, expand the "Trust" section, and set "When using this certificate" to "Always Trust."
7. Return to the ServBay application.
8. Navigate to Settings -> ServBay Root CA.
9. Click Recreate All ServBay User Certificates. This will regenerate fresh SSL certificates for all sites managed by ServBay.
10. Restart your Mac. This ensures all services and system components load the latest certificates and trust settings.
11. Reopen your browser and try accessing your website again.

By including these common error messages, users should be able to quickly determine if their issue relates to certificate trust and find appropriate solutions right away.

What should I do if my SSL certificate is lost?

When developing local websites using ServBay, you may occasionally encounter the accidental loss of your site’s SSL certificate files. This can prevent your web server (such as Nginx, Caddy, or Apache) from starting or properly serving your website, with error messages in the logs relating to missing certificate files.

Issue Description

If the ServBay-issued SSL certificate files (.crt and .key) for your local site are missing, your web server’s error logs may contain messages similar to the following. These errors usually mean the server can’t find or read the specified certificate file path.

Some typical error messages include:

Nginx Error:

nginx: [emerg] cannot load certificate "/Applications/ServBay/ssl/private/tls-certs/servb3ay.host/servbay.host.crt": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/Applications/ServBay/ssl/private/tls-certs/servb3ay.host/servbay.host.crt, r) error:10000080:BIO routines::no such file)
nginx: configuration file /Applications/ServBay/package/etc/nginx/nginx.conf test failed

Caddy Error:

Error: loading http app module: provision http: getting tls app: loading tls app module: provision tls: loading certificates: open /Applications/ServBay/ssl/private/tls-certs/servbay.host/ser3vbay.host.crt: no such file or directory

Apache Error:

AH00526: Syntax error on line 15 of /Applications/ServBay/package/etc/apache/vhosts/servbay.host.conf:
SSLCertificateFile: file '/Applications/ServBay/ssl/pri3vate/tls-certs/servbay.host/servbay.host.crt' does not exist or is empty

All of the above errors indicate that the SSL certificate file path set in the server configuration is invalid, usually because the file doesn’t exist or is inaccessible.

Solution

For SSL certificates issued automatically by ServBay, the platform features a convenient mechanism for auto-detecting and reissuing missing certificates.

Follow these steps:

1. Start the ServBay application: Make sure ServBay is running.
2. Navigate to the Websites list: In ServBay’s left sidebar, click Websites.
3. Select the affected website: In the list, find the local site suffering from the missing certificate problem and click it.
4. Automatic detection and issuance: When loading the site configuration, ServBay will automatically check if the required SSL certificate files are present. If it detects missing files (such as a .crt or .key), ServBay will attempt to reissue and deploy a fresh certificate to the correct folder (/Applications/ServBay/ssl/private/tls-certs/your-domain/).
5. Restart your web server: After the new certificate files are generated and installed, you’ll need to restart the web server package (Nginx, Caddy, or Apache) for the changes to take effect. Go to the Packages section in the left sidebar, locate your web server, and click the restart button (usually a circular arrow icon).
6. Confirm resolution: After the server restarts, try accessing your local site via HTTPS (e.g., https://your-domain). The problem should be resolved, and your site should load normally over a secure connection.

Notes

• This solution is intended for SSL certificates automatically issued by ServBay for local sites. If you use your own custom certificates, ServBay won’t reissue them if they go missing. You’ll need to recover or re-import the required certificate files manually.
• ServBay uses its built-in ServBay User CA to issue certificates for local sites, enabling HTTPS in local development environments. If your browser still warns that the certificate isn’t trusted when accessing local HTTPS sites, it could be due to your operating system or browser not trusting the ServBay User CA. See ServBay’s Trusting ServBay CA documentation for configuration instructions.
• ServBay offers data backup features, including backups for site configurations and SSL certificates. Regular backups can help you quickly restore data in case of accidental loss.

Frequently Asked Questions (FAQ)

Q: Why does ServBay automatically issue SSL certificates for local sites?

A: ServBay aims to provide a complete local development environment. To simulate production and enable convenient HTTPS debugging, ServBay leverages its built-in ServBay User CA to auto-issue SSL certificates for sites you create, giving you local HTTPS access.

Q: Can I use my own SSL certificates?

A: Yes, ServBay supports importing and using your own SSL certificates (including those from ACME / Let’s Encrypt). This troubleshooting guide only covers auto-generated ServBay certificates.

Q: Is it safe to reissue certificates?

A: Yes, for local development, ServBay reissues certificates signed by its User CA, which are used only on your local machine for testing and development purposes. This has no impact on your public website’s security.

Summary

ServBay provides convenient tools for managing SSL certificates in your local development environment. If your ServBay-issued local site SSL certificate is lost, a few simple steps allow ServBay to auto-detect and regenerate the needed certificates, helping you quickly restore secure HTTPS access to your local projects.