Chrome complains about website not being secure when using URL like something.com.ddev.site

[BernhardBaumrock]

First of all thank you for creating this awesome product!

I'm using hostnames like domain.com.ddev.site for my local development. This has been working all the time until recently chrome showed me a warning that "someone might be tricking me" or the like.

I understand why chrome is doing that and I'd be fine with clicking away that warning, but on the live domain chrome says it is insecure as well:

The thing is that the certificate is valid and other browsers don't complain, so I guess chrome somehow flags that domain and marks it as insecure.

Has anyone else experienced that?

[rfay]

Can you demonstrate this when not using <domain.com>.ddev.site? For example, if you just use domain.ddev.site is it OK? I imagine Chrome is protecting you from the many garbage sites that fool you into thinking you're at a "real" URL and in reality you're on their malware site.

[BernhardBaumrock]

Hey @rfay exactly. It's a little hard to reproduce (or at least I don't know how I could do that) and I'll have to keep an eye on it over time. Just thought I'd mention it here to see if anybody else is having issues or maybe already a solution.

[rfay]

If you click the "Learn more " link, does it give you any help? Can you please provide the "learn more" link here?

[BernhardBaumrock]

That's what I did. Unfortunately that was not helpful: https://support.google.com/chrome/answer/95617?visit_id=638237444053843333-4137688560&p=ui_security_indicator&rd=1

[rfay]

You don't get the full screen warning right?

Dangerous: Avoid this site. If you get a full-page red warning screen, the site has been flagged as unsafe by Safe Browsing. Using the site will likely put your private information at risk.

[BernhardBaumrock]

Just had it again! This is how the warning looks like for baumrock.com.ddev.site:

baumrock.com seems to work as always though. Not sure what's going on. I'll keep an eye and report back!

[rfay]

Thanks for the followup. It's definitely Chrome picking on you about your choice of URLs :)