Chrome Headless


Install Chrome as normal from the command line or through a GUI


SSL and Wildcard SSL (Self Signed Custom CA)

You will need to ensure you have all of the required SSL certificates set up for Chrome headless to work correctly across multiple stores. To do this, ensure your wildcard SSL certificate is set up with a Certificate Authority. This is required because the flags used to ignore SSL errors do not work in headless mode.

Generating the SSL certificates is out of scope for this guide.


Once you have downloaded the certificate files


You must import your certificate authority .pem file into Chrome's certificate store for the SSL to work correctly. To do this, the following commands will generate a fresh certificate store.


These commands will clobber any information you have stored in there if run in order. If you need to keep an existing store, skip the commands that create the database and only run the import command.

First, we need to initialise the certificate store.

echo "Creating Cert DB"

mkdir -p ~/.pki/nssdb
certutil -d sql:$HOME/.pki/nssdb -N --empty-password

echo "Importing the PEM authority file"

certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "A Name" -i ./your-ca-pem-file.pem;

This should allow Chrome to visit your self signed stores and report them as valid.
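
An idempotent version of the steps above, as an added example that is not part of the original guide: it creates the store only when `cert9.db` is missing, so an existing store is not clobbered, and it skips the import when the nickname is already present. The names `NSSDB`, `ensure_nssdb` and `import_ca` and the script arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent CA import into the NSS store that Chrome reads.
# NSSDB, ensure_nssdb and import_ca are names chosen for this example.
NSSDB="${NSSDB:-$HOME/.pki/nssdb}"

# Create the store only if it does not exist yet, so existing entries survive.
ensure_nssdb() {
    if [ -f "$NSSDB/cert9.db" ]; then
        return 0    # sql: stores keep certificates in cert9.db
    fi
    mkdir -p "$NSSDB" && certutil -d "sql:$NSSDB" -N --empty-password
}

# import_ca <ca.pem> <nickname>: returns 0 when the CA is in the store afterwards,
# 2 for an unusable input file, 1 when certutil fails.
import_ca() {
    ca_pem=$1
    ca_nick=$2
    [ -r "$ca_pem" ] || { echo "cannot read $ca_pem" >&2; return 2; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$ca_pem" ||
        { echo "$ca_pem is not a PEM certificate" >&2; return 2; }
    ensure_nssdb || return 1
    # Listing by nickname fails when the entry is absent.
    if certutil -d "sql:$NSSDB" -L -n "$ca_nick" >/dev/null 2>&1; then
        echo "'$ca_nick' is already in $NSSDB, nothing to do"
        return 0
    fi
    certutil -d "sql:$NSSDB" -A -t TC -n "$ca_nick" -i "$ca_pem" || return 1
    # Confirm the entry is now listed before reporting success.
    certutil -d "sql:$NSSDB" -L -n "$ca_nick" >/dev/null || return 1
}

# Run only when called as: ./import-ca.sh ./your-ca-pem-file.pem "A Name"
if [ "$#" -eq 2 ]; then
    import_ca "$1" "$2"
fi
```

Running it a second time with the same nickname leaves the store untouched.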


For your standard browser (non-headless on your local machine), you will need to also import the authority there as well.

See Local Container SSL

Post SSL Config

Once your Nginx configuration file has been updated with the /etc/ssl/nginx keys, you then need to run systemctl restart nginx with root privileges.

Your website should now be valid under https. Check under https://{website-address}