My problem was that the site I'm working on uses SSL/HTTPS (as pretty much all sites do these days, and FYI they can do so freely thanks to Let's Encrypt).
Vagrant, Apache2, MySQL, Wordpress - everything was working fine, but I would get a dreaded Chrome error complaining about an invalid secure certificate. VCCW does install a self-signed certificate for you, but it's for vccw.test, which of course is not the domain of my site!
I was able to create a simple self-signed certificate easily by going into Vagrant (vagrant ssh) and using openssl, but Chrome still didn't like the fact that the certificate (a) was not signed by a trusted root authority, and (b) did not contain any subject alternative name information.
It took me a little while to piece together the steps for creating the certificate that contained these necessary features, and allowing Chrome to accept the certificate.
Here are my steps:
1. Log into Vagrant (vagrant ssh)
2. Navigate to the folder where apache will look for certificates:
cd /etc/apache2/ssl
3. Create a text file with the subject alternative name information:
sudo vi example.com.san
and in that file enter your SAN info:
subjectAltName=DNS:example.com,DNS:www.example.com
4. Create a certificate authority ca.key key and ca.crt certificate, if you don’t have one already (see note below about adding this ca.crt to Chrome):
sudo openssl genrsa -out ca.key 2048
sudo openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt
5. Create a certificate signing request for the domain you want to secure:
sudo openssl req -newkey rsa:2048 -nodes -keyout example.com.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=*.example.com" -out example.com.csr
6. Sign the certificate with your certificate authority:
sudo openssl x509 -req -extfile example.com.san -days 365 -in example.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out example.com.crt
Now you can update the apache config to use this new certificate and key.
sudo vi /etc/apache2/sites-enabled/000-default.conf
<IfModule mod_ssl.c>
<VirtualHost example.com:443>
ServerName example.com
ServerAlias *.example.com
DocumentRoot /var/www/html
EnableSendfile off
<Directory /var/www/html>
Options FollowSymLinks
AllowOverride FileInfo Options Limit
Order allow,deny
Allow from all
</Directory>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
LogLevel info
ErrorLog /var/log/apache2/vccw.test-error.log
CustomLog /var/log/apache2/vccw.test-access.log combined
RewriteEngine On
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/example.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
</VirtualHost>
</IfModule>
Finally, restart apache2:
sudo service apache2 restart
Now open up your development site in Chrome (you may need to completely close and re-open Chrome) and enjoy purportedly-secure browsing!
NOTE: If you just created a new certificate authority in step 4 above, you will need Chrome to trust your new certificate authority. Save the ca.crt file to your local machine (wherever you are running Chrome). Then, in Chrome, click the three dots in the upper left, go to Settings, scroll down and click to show Advanced Settings, then click Manage Certificates. In the box, click the tab for Trusted Root Certificate Authorities. Click Import, and select your ca.crt from your machine. Accept all the scary warnings. Then you should see your new certificate in the list:
Again, you may need to restart Chrome to get this to take effect.
