Why the need for FF and Chrome to hijack dev domains?



Gottier
April 9th, 2018, 06:32 PM
For years I have used a setup on my development machines where http://dev is an index that links me up to all of the projects I'm working on, and common stuff like phpinfo.

I'm sure you're aware, but now you can't use dev domains without a security certificate, as Firefox and Chrome will force these domains to have a TLS/SSL connection.

So, I just switched to http://dv. I'm not losing sleep over it, but every time I see it I am very annoyed. Why would Firefox and Chrome expect my local dev machine to have a real security certificate? A self-signed one isn't good enough, and I can't bypass it in any way. I can't even set up an Apache redirect in virtualhost. I can't figure out how to bypass this in Firefox config or anything. I feel like they hijacked my domain and for no good reason.

TheFu
April 10th, 2018, 02:10 AM
Let's Encrypt - https://letsencrypt.org/ is the normal answer.

But I agree, if what you are saying is true. Browsers are trying to provide security for the non-technical users out of the box, while still allowing really insecure things like JavaScript.

Dragonbite
April 10th, 2018, 01:38 PM
Yikes!

I wonder what this will mean for the Xampp (from Apachefriends) web servers! Either they will need to run https or Firefox and Chrome will need to be able to determine local servers to bypass or skip this requirement.

I could be wrong, too. Maybe Xampp already has https set up.

TheFu
April 10th, 2018, 02:36 PM
https://support.mozilla.org/en-US/questions/1027355 seems related.
Google is pushing hard for all web traffic to be encrypted. They know best, right? NOT!

Gottier
April 12th, 2018, 04:05 PM
Let's Encrypt might be the "normal answer", but try applying that to a domain like "https://dev". As far as I know, you can't do it because of the domain validation that Let's Encrypt requires. So then you might think that you can use a self signed cert, but that's not good enough for Chrome or Firefox.

halogen2
April 12th, 2018, 05:09 PM
Does it work to create your own authority certificate with openssl and use it to sign a certificate for your local dev domain?

Gottier
April 14th, 2018, 02:57 AM
Does it work to create your own authority certificate with openssl and use it to sign a certificate for your local dev domain?

Nope. I just went through the whole process, and it does not work. Same error regarding self signed certs.

kerry_s
April 14th, 2018, 03:34 AM
what about a hosts file redirect?
like:
192.168.0.1 http://dev

that's an example, don't do if your router is there, unless you don't need to access your router. ;)

Gottier
April 14th, 2018, 03:43 AM
what about a hosts file redirect?
like:
192.168.0.1 http://dev

that's an example, don't do if your router is there, unless you don't need to access your router. ;)

There's no sane way around this. They've decided that any domain that ends in "dev", even if it's not a dot dev (.dev) domain, must have a valid security certificate that's not self signed. You can't bypass this, or allow an exception like you normally can for any other website/domain.

kerry_s
April 14th, 2018, 04:51 AM
lol
where there's a will there's a way
just haven't found it yet

halogen2
April 14th, 2018, 05:17 AM
Nope. I just went through the whole process, and it does not work. Same error regarding self signed certs.
Huh? I just tried it in Chromium 65.0.3325.181 on Xubuntu 18.04 with a local server, and it worked for me. I can access https://dev/ no problem.

What is the exact error you get?
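
The approach discussed above (a private CA that signs the certificate for the local `dev` host), written out as an added example that is not code from any poster in this thread. File names, subject names and lifetimes are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: private CA plus a server certificate for the host name "dev".
# File names, subject names and lifetimes are assumptions for illustration.
set -eu

write_conf() {   # $1 = work dir; own config so nothing depends on the system openssl.cnf
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Local Dev CA (example)
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # SAN is required: Chrome matches the host name against subjectAltName only.
  cat > "$1/leaf.ext" <<'EOF'
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:dev
EOF
}

make_ca() {      # $1 = work dir; writes ca.key and the self-signed ca.crt
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 825 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_leaf() {    # $1 = work dir; writes dev.key and dev.crt, signed by the CA
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=dev" \
    -config "$1/ca.cnf" -keyout "$1/dev.key" -out "$1/dev.csr" 2>/dev/null
  openssl x509 -req -in "$1/dev.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 397 -extfile "$1/leaf.ext" \
    -out "$1/dev.crt" 2>/dev/null
}

chain_ok() {     # $1 = work dir, $2 = host name the browser will request
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/dev.crt" \
    2>/dev/null | grep -q ': OK$'
}

build_all() { write_conf "$1"; make_ca "$1"; make_leaf "$1"; }
```

The web server gets `dev.crt` and `dev.key`; `ca.crt` (never `ca.key`) is what gets imported as a trusted authority. Firefox keeps its own certificate store, so importing the CA into the system store alone does not cover it.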

Gottier
April 16th, 2018, 06:33 AM
Huh? I just tried it in Chromium 65.0.3325.181 on Xubuntu 18.04 with a local server, and it worked for me. I can access https://dev/ no problem.

What is the exact error you get?

Sorry, since I use FF for development I had not tried Chrome. Truthfully, I'm just super annoyed with this, because I still find myself clicking links to dev, and I see the error daily. It's just a "Your SSL is self signed and you can't do a dang thing about it" error.

Habitual
April 19th, 2018, 12:37 AM
So then you might think that you can use a self signed cert, but that's not good enough for Chrome or Firefox.
I think the browser devs know something we don't.

Gottier
April 22nd, 2018, 06:11 PM
I think the browser devs know something we don't.

Yeah, like how to hijack domains and get away with it.