WSL DDEV HTTPS Issues
January 24, 2025 · AI Conversations

---
### 1. **Verify mkcert Installation**
- Run the following command to confirm mkcert is installed correctly:
  ```bash
  mkcert --version
  ```
- If mkcert is not installed properly, reinstall it:
  ```bash
  sudo apt install libnss3-tools
  curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64"
  chmod +x mkcert-v*-linux-amd64
  sudo mv mkcert-v*-linux-amd64 /usr/local/bin/mkcert
  ```

---
### 2. **Install and Trust the mkcert CA**
- Ensure the mkcert root CA is installed and trusted in WSL and Windows:
  ```bash
  mkcert -install
  ```
- If you are using WSL 2, you need to manually trust the CA on Windows. Find the mkcert root CA in your WSL environment:
  ```bash
  ls ~/.local/share/mkcert
  ```
  Copy the CA to your Windows filesystem (e.g., `\\wsl$\Ubuntu-XX\home\<username>\.local\share\mkcert`) and double-click it to add it to the "Trusted Root Certification Authorities" on Windows.

---
### 3. **Check DDEV HTTPS Configuration**
- Ensure HTTPS is enabled in your DDEV project:
  ```bash
  ddev config
  ```
  Confirm the `https_port` is configured (default is `443`).
- Start the project:
  ```bash
  ddev start
  ```
- Verify if DDEV has created the correct certificates:
  ```bash
  ls .ddev/ssl
  ```
  You should see files like `fullchain.pem` and `privkey.pem`.

---
### 4. **Check WSL Network Settings**
- If HTTPS is still not working, the issue may be with WSL 2 networking. Try binding DDEV to a different interface:
  - Add the following lines to your `~/.wslconfig` on Windows:
    ```ini
    [wsl2]
    localhostForwarding=true
    ```
  - Restart WSL and DDEV:
    ```bash
    wsl --shutdown
    ddev stop && ddev start
    ```

---
### 5. **Check Firewall or Antivirus**
- Ensure that your firewall or antivirus software is not blocking HTTPS traffic to WSL.
- Add exceptions for the WSL and DDEV-related processes or ports.

---
### 6. **Access DDEV Site with HTTPS**
- Use the HTTPS URL provided by DDEV (e.g., `https://<project>.ddev.site`). If this doesn't work, try accessing it with `https://127.0.0.1:`.

---
### 7. **Test HTTPS with Curl**
- Verify HTTPS functionality by running:
  ```bash
  curl -k https://<project>.ddev.site
  ```

---
If HTTPS still doesn't work after these steps, let me know the specific error messages or behaviors you're encountering. This will help narrow down the root cause further.

```
rootCA-key.pem rootCA.pem
```

---
### 1. **Verify mkcert Installation in Windows**
Since WSL runs as a subsystem in Windows, the mkcert root CA created in WSL must also be trusted on the Windows side.
1. **Locate the Certificates**:
   - Your mkcert root CA files are at:
     ```
     ~/.local/share/mkcert/rootCA.pem
     ```
   - Use the `explorer.exe` command to open the containing folder in Windows:
     ```bash
     explorer.exe .
     ```
     This will open the folder in Windows File Explorer.
2. **Add the Root CA to Windows**:
   - Double-click `rootCA.pem` in Windows Explorer.
   - Click **Install Certificate**.
   - Choose **Local Machine** and click **Next**.
   - Select **Place all certificates in the following store**, and click **Browse**.
   - Select **Trusted Root Certification Authorities** and complete the wizard.

---
### 2. **Restart DDEV Project**
After trusting the mkcert CA in Windows, restart your DDEV project to ensure it picks up the certificates:
```bash
ddev stop
ddev start
```
Verify that the HTTPS URL (e.g., `https://<project>.ddev.site`) is accessible.

---
### 3. **Check DDEV's SSL Directory**
Make sure DDEV has generated the proper SSL certificates in the project:
```bash
ls .ddev/ssl
```
You should see files like `fullchain.pem` and `privkey.pem`. If these files are missing, recreate them with:
```bash
ddev restart
```

---
### 4. **Confirm HTTPS Access**
Try accessing your DDEV site using HTTPS:
- From your browser: `https://<project>.ddev.site`
- From WSL using `curl`:
  ```bash
  curl -k https://<project>.ddev.site
  ```

If this still doesn't work, let me know the exact error message you're getting, such as a certificate error or connection failure.

---
### 1. **Convert `rootCA.pem` to a Recognized Format (Optional)**
Windows prefers `.crt` files for certificate installation. You can rename `rootCA.pem` to `rootCA.crt`:
1. Open WSL and navigate to the directory where the `rootCA.pem` file is located:
   ```bash
   cd ~/.local/share/mkcert
   ```
2. Rename the file:
   ```bash
   cp rootCA.pem rootCA.crt
   ```

---
### 2. **Manually Import the Certificate**
Now, import the certificate into Windows:
1. **Open Certificate Manager**:
   - Press `Win + R`, type `mmc`, and press Enter.
   - In the MMC window, go to `File > Add/Remove Snap-in…`.
   - Select **Certificates** and click **Add**.
   - Choose **Computer account** > **Next** > **Local computer** > **Finish** > **OK**.
2. **Import the Certificate**:
   - In the MMC window, expand **Trusted Root Certification Authorities** > **Certificates**.
   - Right-click **Certificates** and choose **All Tasks > Import**.
   - Browse to the location of `rootCA.crt` (or `rootCA.pem` if you skipped renaming).
   - Complete the import wizard, ensuring the certificate is placed in the **Trusted Root Certification Authorities** store.

---
### 3. **Verify the Certificate Installation**
After importing the certificate:
1. Open **Internet Options** (`Win + S` > Search for "Internet Options").
2. Go to the **Content** tab and click **Certificates**.
3. Under the **Trusted Root Certification Authorities** tab, confirm that your mkcert certificate is listed.

---
### 4. **Restart DDEV and Test HTTPS**
Restart your DDEV project and test HTTPS access again:
```bash
ddev stop && ddev start
```
Access your project using `https://<project>.ddev.site`.

---
If the issue persists, let me know, and we can troubleshoot further!
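
The `curl -k` tests in the steps above skip certificate verification, so they succeed whether or not the mkcert root CA is trusted. The following added example (not part of the original conversation) verifies a certificate against the root CA explicitly and checks that the file copied to Windows is the public certificate rather than `rootCA-key.pem`. The function names and the throwaway PKI it generates are constructed for illustration, and it assumes the `openssl` CLI (1.1.0 or later) is installed.

```shell
#!/bin/sh
# Added example, not from the original page. Checks trust in the mkcert root CA
# with certificate verification enabled (unlike `curl -k`, which skips it).
# Function names and the throwaway PKI below are constructed for illustration.

# True only if LEAF_PEM verifies with CA_PEM as the supplied trust anchor; the
# default certificate directory is not consulted.
chains_to_root() {   # usage: chains_to_root CA_PEM LEAF_PEM
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# True only for a parseable certificate that carries no private key, i.e. a
# file that is fine to copy to Windows (rootCA.pem, never rootCA-key.pem).
is_public_cert() {
  ! grep -q 'PRIVATE KEY' "$1" && openssl x509 -in "$1" -noout 2>/dev/null
}

# SHA-1 fingerprint as bare hex, comparable (case-insensitively) with the
# Thumbprint field Windows shows for the imported certificate.
thumbprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2 | tr -d ':'
}

# Constructed sample data: a throwaway CA and one leaf certificate in dir $1.
make_constructed_pki() {
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\nCN=x\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1/ca.cnf"
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed dev CA" \
    -keyout "$1/rootCA-key.pem" -out "$1/rootCA.pem" 2>/dev/null
  openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=demo.ddev.site" \
    -keyout "$1/leaf-key.pem" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/rootCA.pem" \
    -CAkey "$1/rootCA-key.pem" -CAcreateserial -days 1 \
    -out "$1/leaf.pem" 2>/dev/null
}

# Against a real install (assumes mkcert and a running DDEV project):
#   ca="$(mkcert -CAROOT)/rootCA.pem"
#   is_public_cert "$ca" && thumbprint "$ca"
#   curl --cacert "$ca" https://<project>.ddev.site   # no -k
```

If `curl --cacert` succeeds but the Windows browser still warns, the mismatch is in the Windows trust store; compare the thumbprint printed here with the one listed under **Trusted Root Certification Authorities**.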