Safari Cannot Establish a Secure Connection to the Server

UPDATE: Both Google Chrome AND Safari browsers now force SSL on .dev domains. We now recommend dev.cc as your extension. ServerPress owns this top level domain with the intent of ONLY maintaining it for the purpose of local development. This extension can be used with any local development platform (but we'd love it if you used DesktopServer!).

A while back, Google purchased the .dev TLD (Top Level Domain). At that time, they announced that they had no plans for it and that they were only going to use it for internal purposes. For years, the .dev TLD was primarily used for developers and designers to use in their local development environments. It was considered general acceptable use and, as a result, developers everywhere are now running sites locally which may now be affected.

Recently Google announced that in a soon to be released update to Chrome, they will be forcing .dev to HTTPS. In short, this means that if you are running local sites using .dev AND running Google Chrome, you will find your site unreachable. Fortunately, there are a couple of options which are fairly simple to implement to get around this issue. Keep in mind that since .dev has been a standard TLD for local development for some time, this new policy by Google will affect you whether you are using DesktopServer or any other local development tool which utilizes the .dev TLD. This issue is NOT specific to DesktopServer.

Solution #1 (Any Local Host Development Platform): Stop Using Google Chrome for Local Development

Let’s start with the easiest and quickest solution. This solution will work for anyone, whether or not they are using DesktopServer.

Stop using Google Chrome for your web browser. Chrome is a great browser and with its developer tools, has become a favorite of developers. However, for this purpose, currently none of the other browsers are forcing HTTPS on sites with a .dev extension. So, while this is a quick “fix” and will work, there is no guarantee that it always will as other browsers might follow Google’s lead and apply the same policy.

Solution #2 (DesktopServer Specific): Change the TLD Extension

*Note: ServerPress, LLC does not typically recommend changing the TLD extension as it does involve making changes to the DesktopServer Preferences file which, if not done correctly, can have an impact on all sites and functionality. While, under normal circumstances, we do not “officially” offer support on issues where the Preferences File has been altered, we recognize that in some cases, it is necessary and will help resolve any issues that might arise as a result of changing the TLD and will offer support in these cases.

**Note 2: We only recommend this as your solution currently if you use Google Chrome as your default browser. Otherwise, we recommend Option 3 (below)

This solution involves a little bit more work, but is a far more permanent solution to the problem. Currently there are two TLDs which are commonly used for local development.  They are .localhost and .test. However, ServerPress has registered .dev.cc as a TLD to be specifically used for local development.  This new top level domain will not only work with DesktopServer (and has now become our standard), but will also work in any local development environment as our gift to the Community. The .test extension is currently a reserved extension specifically for local development, whereas, at the time of this writing, .localhost is not, however, there is a proposal put forth to make it a standard.

Once you have decided which TLD you will be using, follow these steps in order to manually change their extension.

  1. If DesktopServer is open, navigate to the main menu and select “Stop or restart the web and database services” → Next
  2. Select “Stop all services” → Next
  3. Once services have been stopped, select “Close” to shut down DesktopServer
  4. Open your Preferences File
    1. Mac Users:
  1. Open the hidden file at /Users/Shared/.com.serverpress.desktopserver.json using your favorite text editing program (Text Wrangler shown, which is free in the App Store).
  2. Pres Shift + Command + . [period] to see hidden files in the Open dialog window.
  3. Select the file .com.serverpress.desktopserver.json file to open.
  4. Back up your Preferences file by selecting all the text and copying it to a new document. Save the new document as your backup.
  5. Look for the entry that says “tld”:”.dev”,
  6. Change the “.dev” to the TLD extension of your choice (.dev.cc, .test, or .localhost, for example).
  7. Save your Preferences file

b. Windows Users

  1. Open the hidden file at c:\ProgramData\DesktopServer\com.serverpress.desktopserver.json using your favorite text editor.
  2. To view hidden files, in File Manager, Click on the “View” option in the menu and select “View Hidden Files”
  3. Back up your Preferences file by selecting all the text and copying it to a new document. Save the new document as your backup.
  4. Look for the entry that says “tld”:”.dev”,
  5. Change the “.dev” to the TLD extension of your choice (.test or .localhost, for example).
  6. Save your Preferences file

5. Open DesktopServer

6. Copy all .dev sites to new TLD sites

  1. Select “Remove, copy or move an existing website
  2. Select the .dev website you wish to copy and click on the “Copy website” radio button → Copy >
  3. Give the copy a site name → Next
  4. DesktopServer will now copy the existing .dev site over to the site using the new TLD

Solution #3: Wait for Next Release of DesktopServer

Currently, Google is stating that the .dev domain will be forced to HTTPS with its next release. However, there has been enough backlash from the Developer Community that there is the outside chance that they may hold off or cancel plans altogether. However, assuming this is not the case, we highly recommend that, unless you use Google Chrome as your default browser that you wait until our next release is published.

We are currently in the final stages of internal testing of our latest release, v3.9.0. This version will include PHP7.x, SSL, and a few other features that will increase performance and deal with the issue of .dev TLDs. Further, it will contain about 95% of the v4.0 code that we have been evolving towards for the past several months.

In conclusion, our recommendation is that unless you are using Chrome as your default, you do nothing and continue on as you have been. This will ultimately keep things simple for you and have the least amount of impact on your workflow.

Of course, if you have any questions or issues, please do not hesitate to contact us first and we will do our best to respond to your concerns as quickly as we can. 

ADDENDUM: The following was another solution suggested by one of our customers, Brian Gillespie. While we have not tested this solution, we believe it to be a great alternate workaround.

"I wanted to let you know about a workaround I found for the Chrome HSTS redirect that applies to any of your customers that also use the Mac compiler app, Codekit (https://codekitapp.com/).

Codekit provides the ability to auto-refresh browsers every time a project file is saved by setting an external server address (e.g., http://www.yoursite.dev/). Importantly, this feature will accept HTTP addresses (screenshot attached). Previewing the local site via Codekit will allow DesktopServer users to bypass the forced HTTPS redirect that Chrome is enforcing on .dev TLDs, access the WP admin dashboard, and/or render the site locally (e.g., http://your-macbook-pro.local:5757/) without login. With this approach, I can wait for the next version of DesktopServer without altering the preferences file. #Winning"