Give lighthouse an option to ignore certificate errors

[surma]

If people serve the site via a local webserver using a self-signed certificte (e.g. simplehttp2server 🙄), lighthouse just blocks (showing the interstitial in the Chrome instance).

[paulirish]

Looked into things and I don't think it's possible to do this at runtime. (Currently at least)

There is a --ignore-certificate-errors runtime flag that would probably do the trick.

We can add that in our launcher. Extension users and other folks would be in the dust, but ... that's something.

[surma]

There’s also chrome://flags/#allow-insecure-localhost, which would cover most situations I think. Not sure if we can control that, though.

[paulirish]

we can add whatever into we want into here https://github.com/GoogleChrome/lighthouse/blob/master/lighthouse-core/scripts/launch-chrome.sh#L17

I'm fine with both, fwiw.

If we do this, we should log what flags we're launching chrome with so we can be clear with users on the security status.

[brendankenny]

isn't launch-chrome.sh set up to pass in args, so you could just do npm run chrome -- --ignore-certificate-errors?

[wardpeet]

Yes you can just run it with the extra arg . Chrome script uses the $@ which makes it possible

[paulirish]

closing as we found a resolution.

[subhaze]

@paulirish It appears these flags wont work when used with the --headless flag :(

https://groups.google.com/a/chromium.org/forum/#!msg/headless-dev/eiudRsYdc3A/vwKjuELBBgAJ

[setthase]

@paulirish - any news about --headless and issues with self-signed certificates?

[infostreams]

For the record and for the casual Googler, this is how you can get lighthouse to ignore certificate errors:

lighthouse --chrome-flags="--ignore-certificate-errors" <url>

[vitalyzhakov]

Hello!

@infostreams , I have check your advice and nothing changed

Error after run says

Insecure document request:
The URL you have provided does not have a valid security certificate.
This site is missing a valid, trusted certificate (net::ERR_CERT_COMMON_NAME_INVALID).

lighthouse --version
5.0.0

Can anybody help to start lighthouse utility working with incorrect SSL?

[infostreams]

Yeah you need to (unfortunately) revert to an older version of lighthouse for now, see #7292 (comment) - but they're working on fixing it more thoroughly.

[Kenith]

The ssl issue stills there.

lighthouse --version
5.1.0

[LucianoVandi]

Same issue on version 5.1.0 with the command:

lighthouse --chrome-flags="--ignore-certificate-errors" <url>

Insecure document request: The URL you have provided does not have a valid security certificate. This site is missing a valid, trusted certificate (net::ERR_CERT_COMMON_NAME_INVALID).

[patrickhulce]

The fix was merged immediately after 5.1.0 was released. It will go out with 5.2.0.

#8865

[LucianoVandi]

Thanks @patrickhulce, installing the master branch worked for me.

npm install -g https://github.com/GoogleChrome/lighthouse\#master

[Kenith]

Found a force solution.
We could use this solution before the 5.2.0 is ready:

sed -i 's/\"$@\"/--no-sandbox --ignore-certificate-errors \"$@\"/' /opt/google/chrome/google-chrome

[patrickhulce]

@Kenith all versions of Lighthouse allow you to pass this flag already so that solution should not be necessary. The 5.2.0 change is to allow Lighthouse to continue even though the certificate error is still visible from the DevTools protocol (with the flag present). It's updating the under the hood workings to match the flag's UI effect.

[Kenith]

@patrickhulce Thank you for the feedback. And I am much clear now.
Appreciate that you take much so effort & time to contribute the community.
Thank you

[peshoicov]

For me the issue was the old version of Google Chrome (at this moment I have 74 and the latest stable is 83). Updating it made the audit work.