How to fix Firefox 59 no longer accepting my self-signed SSL certificate on .dev virtualhost

Solution 1:

There is an easy way around this.

  1. Go to about:config
  2. Search for "network.stricttransportsecurity.preloadlist".
  3. Set it to false.

WARNING: This will disable HSTS entirely. Take a look at the comments on this answer for some discussion about the downsides of this method. I personally think the benefit outweighs the risk, but you are responsible for your own security.


Edit 2020: We've now had a .dev TLD for multiple years. It's time to move away from using .dev as a local URL. This workaround still works, but you are robbing yourself of increased security.

Solution 2:

I still am not entirely clear on how this all fits together exactly, but as pointed out in this answer, .dev domains are now official TLDs. As such, it seems that browsers force some kind of HSTS behavior and force https connections. For those TLDs it seems my self-signed certificate no longer was accepted in Firefox. Changing my virtual hosts to use .test solved the problem without having to change anything in my self-signed certificates at all.

It is worth noting that in Firefox my non-SSL virtual hosts have also acted up since version 59 today, because the HSTS behavior seemed to force SSL on virtual hosts I had not set up as serving via SSL. On Chrome this still used to work, but either way it's safe to say moving away from the now officially used .dev TLD will resolve many headaches.
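
To find every local name that needs the move to .test described above, the following added example (not part of either answer) scans hosts-file and Apache `ServerName`/`ServerAlias` lines for hostnames under an HSTS-preloaded TLD. The sample input is constructed, the function names are hypothetical, and the TLD set is a partial list: .dev is the one this page covers, and .app is included as another TLD that is preloaded as a whole.

```python
import re

# TLDs preloaded for HSTS as a whole (partial list, an assumption of this example).
PRELOADED_TLDS = {"dev", "app"}
# Replacement TLD: .test is reserved for testing by RFC 2606 / RFC 6761.
REPLACEMENT_TLD = "test"

VHOST_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.IGNORECASE)
HOSTS_RE = re.compile(
    r"^\s*(?:\d{1,3}(?:\.\d{1,3}){3}|[0-9a-fA-F:]*:[0-9a-fA-F:]*)\s+(.+)$"
)

def hostnames(line):
    """Return hostnames declared on a ServerName/ServerAlias or hosts-file line."""
    line = line.split("#", 1)[0]                 # drop trailing comments
    m = VHOST_RE.match(line) or HOSTS_RE.match(line)
    if not m:
        return []
    names = []
    for token in m.group(1).split():
        token = re.sub(r"^\w+://", "", token)    # ServerName may carry a scheme
        names.append(token.split(":")[0].lower().rstrip("."))  # and a port
    return names

def audit(lines):
    """Return (line_no, hostname, suggested_name) for names under a preloaded TLD."""
    findings = []
    for no, line in enumerate(lines, 1):
        for host in hostnames(line):
            name, _, tld = host.rpartition(".")
            if name and tld in PRELOADED_TLDS:
                findings.append((no, host, f"{name}.{REPLACEMENT_TLD}"))
    return findings

# Constructed sample: a hosts file followed by an Apache vhost fragment.
SAMPLE = """\
127.0.0.1   localhost
127.0.0.1   shop.dev www.shop.dev   # local project
::1         api.test
<VirtualHost *:443>
    ServerName shop.dev:443
    ServerAlias www.shop.dev admin.shop.app
</VirtualHost>
""".splitlines()

if __name__ == "__main__":
    for no, host, new in audit(SAMPLE):
        print(f"line {no}: {host} is under a preloaded TLD; rename to {new}")
```

Renaming the flagged hosts keeps the browser's preload list enabled, so no about:config change is needed.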