OPENSSL@3 and Monterey - Fickle Partners?

Hello!

Does anyone maintain local virtual servers with local domain names and SSL security? If so please read on.

I use OPENSSL@3 installed by Homebrew in a MacOS Monterey environment with Xcode working in the background to create a series of keys and certificates (see below) so that I can open my local sites with the https:// prefix. For several days, sometimes a week, or even more everything works fine. I can type in addresses such as localhost/index.html.en, ali.ourseventh.local, etc. in any browser window (Firefox, Safari, Chrome, etc.), and after an initial browser objection, my local servers open as if they were labeled with the .org, .net, .com extensions on the WAN. This can go on for days, with daily reboots. And then, out of nowhere, I wake up one morning, start my computer, and discover that I can no longer access my locally installed virtually hosted websites. As it takes many, many minutes to recreate and reinstall all of my certificates, and I never know when it is going to happen, it can become extremely frustrating -- especially when I am very busy.

In crude outline things work as follows:

  1. In the folder /usr/local/etc/openssl@3/certs/ I create a number of files with the following names and extensions:

localhost.crt localhost.csr localhost.key reg.cnf

myCA.pem myCA.key

  2. I save one of the above certificates in my keychain.
  3. Enter the command " brew services restart httpd " in terminal
  4. Open any browser and everything works fine, and voilà! Everything works fine.

Can you offer any suggestions as to what is interfering and how to correct for it?

Roddy

I'd suggest using your own real and registered domain, or using a subdomain of a real and registered domain of yours.

Making up bogus TLDs is getting tougher by the day too, with the thousands of new TLDs ICANN has been adding in recent years.

For this case, I'd suggest avoiding re-use of an RFC-reserved domain, as getting creative with .local (e.g. ali.ourseventh.local) tends not to end well. Leave all of .local to mDNS.

Using your own domain or subdomain, set up your own authoritative DNS server, set up DHCP for your local client MAC addresses or (workable, but less desirable) set up static addresses on the clients, and allocate consistent IP addresses for hosts with certificates.

Then load and trust your private root public certificate onto each client, and load your leaf certificates onto the servers.
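Added example, not from either poster: a bash script that builds the private root and a SAN-bearing leaf with OpenSSL (the same myCA.pem/myCA.key and .crt/.csr/.key file set the opening post lists), verifies the chain per hostname, and reports each certificate's expiry, which is the first thing to check when https:// stops working overnight. WORK, the CA name and the hostname dev.example.test are assumptions; .test is used instead of .local for the reason given above.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). WORK, the CA name and the hostnames
# are assumptions; the thread's own files sit in /usr/local/etc/openssl@3/certs/.
set -eu
WORK="${WORK:-$(mktemp -d)}"
# Minimal req config, so nothing here depends on a system openssl.cnf.
write_config() {
  printf '[req]\nprompt = no\ndistinguished_name = dn\nx509_extensions = ca_ext\n[dn]\nCN = Dev Root CA (example)\n' > "$WORK/req.cnf"
  printf '[ca_ext]\nbasicConstraints = critical,CA:TRUE\nkeyUsage = critical,keyCertSign,cRLSign\nsubjectKeyIdentifier = hash\n' >> "$WORK/req.cnf"
}

# Private root (myCA.pem / myCA.key): self-signed, CA:TRUE, ten-year validity.
make_ca() {
  write_config
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$WORK/req.cnf" -keyout "$WORK/myCA.key" -out "$WORK/myCA.pem" 2>/dev/null
}

# Leaf signed by the root. $1 = base name, $2 = SAN list such as
# "DNS:localhost,DNS:dev.example.test,IP:127.0.0.1". macOS only trusts TLS
# leaves that carry a SAN and the serverAuth EKU and last at most 825 days.
make_leaf() {
  local name="$1" sans="$2"
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$WORK/req.cnf" \
    -subj "/CN=$name" -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
  printf 'basicConstraints = CA:FALSE\nextendedKeyUsage = serverAuth\nsubjectAltName = %s\n' \
    "$sans" > "$WORK/$name.ext"
  openssl x509 -req -sha256 -days 825 -CA "$WORK/myCA.pem" -CAkey "$WORK/myCA.key" \
    -CAcreateserial -in "$WORK/$name.csr" -extfile "$WORK/$name.ext" \
    -out "$WORK/$name.crt" 2>/dev/null
}

# Exit 0 only if $1.crt chains to the root and is valid for hostname $2.
verify_leaf() {
  openssl verify -CAfile "$WORK/myCA.pem" -verify_hostname "$2" "$WORK/$1.crt" >/dev/null 2>&1
}

# Exit 0 only if $1 is still valid $2 days from now: the first thing to check
# when https:// stops working overnight.
valid_for_days() {
  openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$WORK/$1" >/dev/null 2>&1
}

# Demo run: build the chain, then list each certificate's expiry date.
make_ca
make_leaf localhost "DNS:localhost,DNS:dev.example.test,IP:127.0.0.1"
for f in "$WORK"/*.crt "$WORK"/*.pem; do
  printf '%-16s %s\n' "$(basename "$f")" "$(openssl x509 -noout -enddate -in "$f")"
done
```

Trust only myCA.pem in the keychain (never the leaf), and point httpd at localhost.crt and localhost.key; a name not in the SAN list fails `verify_leaf`, which is what the browser objection means in practice.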

Hi, Hoffman!

Judging from your avatar this is the way you prefer to be addressed. In any case, I would like to thank you for responding to my issue. What I have understood from your response is that my TLDs or restricted domains -- namely, .local and localhost -- are the source of my problem and not my certificates -- this, despite the fact that by renewing my certificates the problem disappears momentarily. What else I was able to understand from your response was not terribly useful. It was simply too vague within my own comprehension of the matters that you sought to bring to my attention. So, please, if you will, allow me to provide more clearly my circumstances so that you can better help me.

I maintain two sets of nearly identical websites: one set is on my local machine and is used for development; the other set is on a remote server hosted by a third party. My development sites are hosted virtually on a MacOS server, and my production sites are hosted remotely on a LINUX VPS server. The contents and set-up of the sites are nearly identical differing only in certain critical folder paths and certain application interfaces that I manually adjust when I upload my development to production.

The reason that I have used the .local extension is to make it possible for my locally hosted browser to distinguish between my remotely hosted production sites and my locally hosted development sites. Up until now this arrangement has been critical to my workflow. It used to be that the time between certificate renewals was much greater than it is now -- the interval between failures has become increasingly tighter over time.

To be absolutely clear my production sites correspond to DNs purchased via GoDaddy and my remote server Hostpapa. By way of example, hashimori.com, imaginejapan.net, nudge.online hosted on my remote server correspond nearly one-to-one with my locally hosted virtual sites called hashimori.local, imaginejapan.local, and nudge.local. In addition, some of my sites correspond to subdomains of similarly registered DNs such as cambitas.spiritof2021.online and ali.ourseventh.org whose local equivalents are cambitas.spiritof2021.local and ali.ourseventh.local.

Not only this, but the sites are interactive. For example, the remotely hosted grammarcaptive.com website depends on the remotely hosted nudge.online website for tracking, and the locally hosted grammarcaptive.local website depends on the nudge.local virtual domain for a very similar service.

In addition, there are several websites located on my local machine that I use to develop certain routines and practice difficult coding techniques before I include them in my development and production sites. The most important of these uses the localhost address, but there are several others with the .local extension.

As you can see, the above arrangement is voluminous, and I must be fairly clear about what I am undertaking when I seek to change it. Based upon this new information, could you please elaborate a little more on what you perceive to be a proper solution?

Roddy

Hello, Hoffman! Are you there?

Roddy
