.local / mDNS requests fail with ERR_SSL_PROTOCOL_ERROR on macOS Sequoia 15.0.1

[swiftcoder]

Has anyone else encountered issues after upgrading to macOS Sequoia?

I upgraded my daily driver to macOS Sequoia 15.0.1 (24A348) yesterday, and localias seems to silently fail now. I've uninstalled and reinstalled, all still all connections to my configured aliases just return ERR_SSL_PROTOCOL_ERROR.

I do see one error in the start logs, looks like a missing caddy lock file. Is it possible I need to reset something in caddy's config as well?

% localias start
2024/10/17 13:25:58.735 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/10/17 13:25:58.735 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0x1400011b180"}
2024/10/17 13:25:58.739 INFO    http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS     {"server_name": "srv1", "https_port": 443}
2024/10/17 13:25:58.739 INFO    http.auto_https enabling automatic HTTP->HTTPS redirects        {"server_name": "srv1"}
2024/10/17 13:25:58.739 WARN    tls     unable to get instance ID; storage clean stamps will be incomplete      {"error": "open /Users/tristam/Library/Application Support/Caddy/instance.uuid: no such file or directory"}
2024/10/17 13:25:58.739 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/10/17 13:25:58.739 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2024/10/17 13:25:58.739 INFO    http.log        server running  {"name": "srv1", "protocols": ["h1", "h2", "h3"]}
2024/10/17 13:25:58.739 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/10/17 13:25:58.739 INFO    http    enabling automatic TLS certificate management   {"domains": ["front.local", "back.local"]}
2024/10/17 13:25:58.743 INFO    pki.ca.local    root certificate is already trusted by system   {"path": "storage:pki/authorities/local/root.crt"}
mDNS: serving front.local (192.168.1.181,10.255.0.79,::1,127.0.0.1)
mDNS: serving back.local (192.168.1.181,10.255.0.79,::1,127.0.0.1)

Any attempt to connect to the alias just results in a TLS error. For example, using curl:

% curl -v https://front.local
* Host front.local:443 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying [::1]:443...
* Connected to front.local (::1) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* LibreSSL/3.3.6: error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error
* Closing connection
curl: (35) LibreSSL/3.3.6: error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error

[peterldowns]

Hey, I haven't heard of anything like this yet but I'll leave this issue open until I can help you resolve it. I'm unfortunately not on macOS 15 and I don't plan on upgrading for a while (it's usually disruptive to my life so I avoid updates until they're unavoidable.)

I have heard that macOS 15 shipped with a variety of networking problems, although no one is very clear exactly what they are or what to do about it:

• https://old.reddit.com/r/MacOS/comments/1fihlge/macos_15_sequoia_bugs_and_issues_megathread/lnngp9n/?context=3
• https://mjtsai.com/blog/2024/09/18/macos-firewall-regressions-in-sequoia/

For future reference/completeness, could you share the results of running the following commands?

• Your hostname: hostname
• Your macOS build information: sw_vers
• Your localias version: localias version
• How you installed it (brew, nix, binary download, whatever)
• Your localias settings: localias list
• Your full localias config file: localias debug config --print

Based on what you've shared, I'm not sure what's going on. Some ideas for things to try:

• I will try updating the code to add a debug mode with better logging, and I'll follow up here once that's available for you to try. Maybe that will help us get better logs.
• Does using Localias as a non-ssl proxy work? Try setting up an alias for http://mysite.local and accessing it.
• Does using a non-.local tld work? Try setting up an alias for mysite.test and accessing it.
• Does using Caddy (not localias) as a reverse proxy work for you at all? Might be a little more annoying for you to test, but if it works, then maybe I need to upgrade the version being embedded in localias.

[swiftcoder]

% hostname
tristam-m2-macbook.local

% sw_vers
ProductName:		macOS
ProductVersion:		15.0.1
BuildVersion:		24A348

% localias version
v2.2.0+commit.d73df9b

% which localias
/opt/homebrew/bin/localias

% localias list
https://front.local -> 4000
back.local -> 4001

% localias debug config --print
https://front.local: 4000
back.local: 4001

• Using localias as a non-secure proxy seems to work fine.
• Using localias for non-local TLDs also seems to work fine (I was successful with mysite.lan)

So it seems most likely that I'm experiencing an mDNS-related issue?

[swiftcoder]

Additional data point, if I leave the /etc/hosts file as localias set it up, then caddy on it's own works fine with:

% caddy reverse-proxy --from front.local --to localhost:4000
2024/10/21 13:49:22.239	WARN	admin	admin endpoint disabled
2024/10/21 13:49:22.239	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0x14000650f00"}
2024/10/21 13:49:22.239	INFO	http.auto_https	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "proxy", "https_port": 443}
2024/10/21 13:49:22.239	INFO	http.auto_https	enabling automatic HTTP->HTTPS redirects	{"server_name": "proxy"}
2024/10/21 13:49:22.246	INFO	pki.ca.local	root certificate is already trusted by system	{"path": "storage:pki/authorities/local/root.crt"}
2024/10/21 13:49:22.246	INFO	http	enabling HTTP/3 listener	{"addr": ":443"}
2024/10/21 13:49:22.248	INFO	http.log	server running	{"name": "proxy", "protocols": ["h1", "h2", "h3"]}
2024/10/21 13:49:22.248	INFO	http.log	server running	{"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/10/21 13:49:22.248	INFO	http	enabling automatic TLS certificate management	{"domains": ["front.local"]}
2024/10/21 13:49:22.250	WARN	tls	stapling OCSP	{"error": "no OCSP stapling for [front.local]: no OCSP server specified in certificate", "identifiers": ["front.local"]}
2024/10/21 13:49:22.250	INFO	caddy proxying	{"from": "https://front.local", "to": ["localhost:4000"]}
2024/10/21 13:49:22.256	INFO	tls	storage cleaning happened too recently; skipping for now	{"storage": "FileStorage:/Users/tristam/Library/Application Support/Caddy", "instance": "d0ab8461-a9a3-4abc-b0cb-2fb3be8d3e24", "try_again": "2024/10/22 13:49:22.256", "try_again_in": 86399.999999875}
2024/10/21 13:49:22.256	INFO	tls	finished cleaning storage units

Details of the installed caddy version:

% which caddy
/opt/homebrew/bin/caddy
% caddy --version
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=

[peterldowns]

Awesome, thank you so much for the diagnostics. I'm going to prepare a localias build that uses the latest version of Caddy — hopefully you can then try that out, and it magically fixes the bugs, and we're all good to go!

Really appreciate your help tracking this down!

[peterldowns]

Additional data point, if I leave the /etc/hosts file as localias set it up, then caddy on it's own works fine with:

Interesting. If running caddyserver + updated /etc/hosts makes https://front.local work without issue, then I would guess the problem is either:

• localias using an older version of caddy that somehow is broken on macOS 15 when using .local domains
  • Unlikely, but possible. The Caddy release notes don't mention anything about this.
• localias's mDNS implementation is somehow broken on macOS 15
  • Somewhat more likely, since this is code that I hacked together and which is only used by localias. Bugs in caddy are almost certainly discovered and fixed much faster than bugs in localias.

So, to help figure this out, here's a darwin-arm64 build of localias built with caddyserver v2.8.4. The code changes are on this branch, if you'd rather build the binary yourself than download one that I've built:

• release (with binary to download): https://github.com/peterldowns/localias/releases/tag/wip-release-testing
• branch: [wip] update caddyserver from v2.7.6 -> v2.8.4 #41

Could you please try starting the proxy server with this custom build of localias, and seeing if your https://front.local alias works? Here's the commands and output I see:

~/code/localias/bin 🪵  pd/caddy-update # 5692b42 ❄️  nix:localias
• ./localias-darwin-arm64 version
v2.2.0+commit.5692b42

~/code/localias/bin 🪵  pd/caddy-update # 5692b42 ❄️  nix:localias
• ./localias-darwin-arm64 stop
daemon is not running

~/code/localias/bin 🪵  pd/caddy-update # 5692b42 ❄️  nix:localias
• ./localias-darwin-arm64 start
2024/10/21 20:43:42.911	INFO	admin	admin endpoint started	{"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/10/21 20:43:42.911	WARN	tls	DEPRECATED: on_demand.rate_limit will be removed in a future release; use permission modules or external certificate managers instead
2024/10/21 20:43:42.911	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0x140000e5700"}
2024/10/21 20:43:42.911	INFO	http.auto_https	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv1", "https_port": 443}
2024/10/21 20:43:42.911	INFO	http.auto_https	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv1"}
2024/10/21 20:43:42.917	INFO	pki.ca.local	root certificate is already trusted by system	{"path": "storage:pki/authorities/local/root.crt"}
2024/10/21 20:43:42.917	INFO	http.log	server running	{"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/10/21 20:43:42.917	INFO	http	enabling HTTP/3 listener	{"addr": ":443"}
2024/10/21 20:43:42.917	INFO	[INFO][FileStorage:/Users/pd/Library/Application Support/localias/caddy] Lock for 'storage_clean' is stale (created: 2024-10-21 16:43:28.447751 -0400 EDT, last update: 2024-10-21 16:43:28.447751 -0400 EDT); removing then retrying: /Users/pd/Library/Application Support/localias/caddy/locks/storage_clean.lock
2024/10/21 20:43:42.917	INFO	http.log	server running	{"name": "srv1", "protocols": ["h1", "h2", "h3"]}
2024/10/21 20:43:42.917	INFO	http.log	server running	{"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/10/21 20:43:42.917	INFO	http	enabling automatic TLS certificate management	{"domains": ["back.local", "front.local"]}
mDNS: serving front.local (192.168.1.195,198.19.249.3,192.168.215.0,192.168.164.0,::1,127.0.0.1)
mDNS: serving back.local (192.168.1.195,198.19.249.3,192.168.215.0,192.168.164.0,::1,127.0.0.1)

~/code/localias/bin 🪵  pd/caddy-update # 5692b42 ❄️  nix:localias
• ./localias-darwin-arm64 status
daemon running with pid 65368

~/code/localias/bin 🪵  pd/caddy-update # 5692b42 ❄️  nix:localias
• pgrep localias
65368

~/code/localias/bin 🪵  pd/caddy-update # 5692b42 ❄️  nix:localias
• curl -vvv 'https://front.local'
*   Trying [::1]:443...
* Connected to front.local (::1) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: [NONE]
*  start date: Oct 21 20:44:07 2024 GMT
*  expire date: Oct 22 08:44:07 2024 GMT
*  subjectAltName: host "front.local" matched cert's "front.local"
*  issuer: CN=Localias Intermediate
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://front.local/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: front.local]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.4.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: front.local
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/2 200
< alt-svc: h3=":443"; ma=2592000
< content-type: text/html; charset=utf-8
< date: Mon, 21 Oct 2024 20:44:07 GMT
< server: Caddy
< server: SimpleHTTP/0.6 Python/3.12.3
< content-length: 1216
<
<!DOCTYPE HTML>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Directory listing for /</title>
</head>
<body>
<h1>Directory listing for /</h1>
<hr>
<ul>
<li><a href=".direnv/">.direnv/</a></li>
<li><a href=".DS_Store">.DS_Store</a></li>
<li><a href=".envrc">.envrc</a></li>
<li><a href=".git/">.git/</a></li>
<li><a href=".github/">.github/</a></li>
<li><a href=".gitignore">.gitignore</a></li>
<li><a href=".golangci.yaml">.golangci.yaml</a></li>
<li><a href=".localias.yaml">.localias.yaml</a></li>
<li><a href=".toolchain/">.toolchain/</a></li>
<li><a href=".vscode/">.vscode/</a></li>
<li><a href="bin/">bin/</a></li>
<li><a href="cmd/">cmd/</a></li>
<li><a href="default.nix">default.nix</a></li>
<li><a href="flake.lock">flake.lock</a></li>
<li><a href="flake.nix">flake.nix</a></li>
<li><a href="go.mod">go.mod</a></li>
<li><a href="go.sum">go.sum</a></li>
<li><a href="Justfile">Justfile</a></li>
<li><a href="LICENSE">LICENSE</a></li>
<li><a href="pkg/">pkg/</a></li>
<li><a href="README.md">README.md</a></li>
<li><a href="result/">result@</a></li>
<li><a href="scripts/">scripts/</a></li>
<li><a href="shell.nix">shell.nix</a></li>
<li><a href="VERSION">VERSION</a></li>
</ul>
<hr>
</body>
</html>
* Connection #0 to host front.local left intact

~/code/localias/bin 🪵  pd/caddy-update # 5692b42 ❄️  nix:localias
• curl -vvv 'https://back.local'
*   Trying [::1]:443...
* Connected to back.local (::1) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: [NONE]
*  start date: Oct 21 20:44:17 2024 GMT
*  expire date: Oct 22 08:44:17 2024 GMT
*  subjectAltName: host "back.local" matched cert's "back.local"
*  issuer: CN=Localias Intermediate
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://back.local/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: back.local]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.4.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: back.local
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/2 200
< alt-svc: h3=":443"; ma=2592000
< content-type: text/html; charset=utf-8
< date: Mon, 21 Oct 2024 20:44:17 GMT
< server: Caddy
< server: SimpleHTTP/0.6 Python/3.12.3
< content-length: 1216
<
<!DOCTYPE HTML>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Directory listing for /</title>
</head>
<body>
<h1>Directory listing for /</h1>
<hr>
<ul>
<li><a href=".direnv/">.direnv/</a></li>
<li><a href=".DS_Store">.DS_Store</a></li>
<li><a href=".envrc">.envrc</a></li>
<li><a href=".git/">.git/</a></li>
<li><a href=".github/">.github/</a></li>
<li><a href=".gitignore">.gitignore</a></li>
<li><a href=".golangci.yaml">.golangci.yaml</a></li>
<li><a href=".localias.yaml">.localias.yaml</a></li>
<li><a href=".toolchain/">.toolchain/</a></li>
<li><a href=".vscode/">.vscode/</a></li>
<li><a href="bin/">bin/</a></li>
<li><a href="cmd/">cmd/</a></li>
<li><a href="default.nix">default.nix</a></li>
<li><a href="flake.lock">flake.lock</a></li>
<li><a href="flake.nix">flake.nix</a></li>
<li><a href="go.mod">go.mod</a></li>
<li><a href="go.sum">go.sum</a></li>
<li><a href="Justfile">Justfile</a></li>
<li><a href="LICENSE">LICENSE</a></li>
<li><a href="pkg/">pkg/</a></li>
<li><a href="README.md">README.md</a></li>
<li><a href="result/">result@</a></li>
<li><a href="scripts/">scripts/</a></li>
<li><a href="shell.nix">shell.nix</a></li>
<li><a href="VERSION">VERSION</a></li>
</ul>
<hr>
</body>
</html>
* Connection #0 to host back.local left intact

[swiftcoder]

No change, this build exhibits the same failure as with the version in homebrew.

However, while I was mucking about with it, I discovered something interesting: both versions work perfectly if I sudo localias start.

That it works when running as root implies that the issue is one of the new permissions checks added to macOS Sequoia - my money would be on the addition of "Local Network Privacy", although whatever localias does is not triggering the permission UI prompt.

Looking through the various resources, it seems likely localias needs the multicast entitlement that has arrived from iOS. See also the somewhat-informal Local Network Privacy FAQ

[peterldowns]

That it works when running as root implies that the issue is one of the new permissions checks added to macOS Sequoia - my money would be on the addition of "Local Network Privacy", although whatever localias does is not triggering the permission UI prompt.

Looking through the various resources, it seems likely localias needs the multicast entitlement that has arrived from iOS. See also the somewhat-informal Local Network Privacy FAQ

🧠 OK, now we're onto something! Is there a new System Settings -> Privacy & Security -> Local Network (or similar name) permission that you can try granting to the localias binary? And if so, does that solve the problem?

I took a look at the links you posted, and did some other researching, and it frankly seems like a non-starter to me to have to start doing codesigning with an apple developer cert in order to ship mdns support. I'll keep looking into it, but I'd really prefer to find some other way, even if it's something like "you have to explicitly grant the binary permission by going into system preferences." I wonder what other apps are going to do?

Thank you again for your report and research. I am all ears if you have any ideas for how best to work around this.

[swiftcoder]

There is a UI in system preferences, but it only lets you revoke the permission from apps that have previously triggered the prompt. I have seen the prompt trigger once or twice while mucking around with localias/caddy (unclear what exactly caused it), but it triggers for Terminal.app, rather than the specific tool (and doesn't appear to allow the tool through).

The most relevant item from the FAQ suggests one can explicitly trigger the prompt by sending a dummy packet to the broadcast address - I guess that might be worth a try?

[peterldowns]

Huh, that's weird. I'm super frustrated by not being able to help you better, but I can't pay the cost of upgrading right now for a variety of reasons. Is there any chance there's still a small "+" button in the preferences pane, kind of hard to notice? Here's what the accessibility preferences look like for me in Sonoma:

The most relevant item from the FAQ suggests one can explicitly trigger the prompt by sending a dummy packet to the broadcast address - I guess that might be worth a try?

I'm not sure exactly how to do this — as far as I understand it already, localias should be broadcasting its routes by sending udp multicast packets already, so if that's not triggering the popup I don't know what else would. If you have a chance to play with the code and can make it happen, I'm completely open to upstreaming a PR.

One other option is to go partially down the codesigning path by trying to embed an Info.plist with the relevant entitlement at build time, and seeing if that works without any further signing.

At this point I've got to tell you that I don't have a path forward for you since I'm not on macOS 15 and I don't plan to be soon. I'm going to leave this issue open and hopefully someone can help contribute a fix. I know this will be a problem for me when I upgrade, and it will be a problem for you and others, but I don't want to upgrade my computer at the moment and until I do I'm unable to do much other than suggesting ideas to you. Sorry 😞 .

[peterldowns]

One last thing would be to try using localias run instead of localias start and seeing if that makes any difference on reliably triggering the privacy popup, since it will be running as a foreground process in the terminal. It really shouldn't make any difference, but I have vague memories of that helping when I was debugging some keychain access things.

[swiftcoder]

Heh. Well... You may or may not enjoy this news, but the issue has resolved itself on my machine, and I don't seem to be able to recreate it. Feel free to close this issue when you are satisfied.

I tried localias run, and it gave me error logs indication permission denial loading /Users/tristam/Library/Application Support/localias/caddy/certificates/local/front.local/front.local.key. I checked that file, and it was owned by root so my user couldn't read it.

After deleting the entire /Users/tristam/Library/Application Support/localias directory, localias is working again (both with start and run). Running localias as root again didn't recreate the problem (so I don't think my earlier diagnosis attempts made the problem worse).

I probably should have realised earlier that the home-brew uninstall process didn't clear out Application Support directory. I'm assuming the permissions in that directory got messed up in the OS upgrade process - but honestly not sure how.

[peterldowns]

You're right, that's insanely dissatisfactory. But I'm happy that your problem is resolved.

In summary, here's what we know: at some point on macOS 15.0.1 Sequoia:

• localias would run successfully
• ... but requests to https://front.local and other .local domain names would fail
• ... but requests to https://mysite.lan and other TLDs would succeed
• ... but running localias with sudo permissions via sudo localias start would make all requests work
• ... so we think the issue is maybe with new mDNS entitlements/permissions added in macOS 15
• ... but whatever localias is doing with mDNS never triggers the entitlements/permissions dialog
• ... and there is no way to explicitly add localias as allowed in the System Preferences privacy panes
• everything seems to be fixed by rm -rf /Users/$(whoami)/Library/Application\ Support/localias and re-running localias.

I'm going to close this issue as "wontfix", but if anyone else comes across this (or you encounter the same issue in the future) I will re-open and do my best to support.

😞 💢

[imagoiq]

Hi,

I'm experiencing the same issue with Sequoia 15.2 and mDNS. The .local works on the same machine, but is not reachable from other machine from the network. Note that I have another mac on 14.7.1 with the same setup and the mDNS work flawlessly on the same network.

The config:

~ hostname
mb

~ sw_vers
ProductName:		macOS
ProductVersion:		15.2
BuildVersion:		24C101

~ localias version
v2.2.0+commit.d73df9b

~ which localias
/opt/homebrew/bin/localias

~ localias list
my-front.local -> 8080

~ localias debug config --print
my-front.local: 8080

When running localias start, here is the log:

2025/02/03 07:31:03.920 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2025/02/03 07:31:03.920 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0x14000648580"}
2025/02/03 07:31:03.922 INFO    http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv1", "https_port": 443}
2025/02/03 07:31:03.922 INFO    http.auto_https enabling automatic HTTP->HTTPS redirects        {"server_name": "srv1"}
2025/02/03 07:31:03.929 INFO    pki.ca.local    root certificate is already trusted by system   {"path": "storage:pki/authorities/local/root.crt"}
2025/02/03 07:31:03.929 WARN    tls     unable to get instance ID; storage clean stamps will be incomplete      {"error": "open /Users/loicfurhoff/Library/Application Support/Caddy/instance.uuid: no such file or directory"}
2025/02/03 07:31:03.929 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2025/02/03 07:31:03.929 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2025/02/03 07:31:03.929 INFO    http.log        server running  {"name": "srv1", "protocols": ["h1", "h2", "h3"]}
2025/02/03 07:31:03.929 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2025/02/03 07:31:03.929 INFO    http    enabling automatic TLS certificate management   {"domains": ["my-front.local"]}
mDNS: serving my-front.local (192.168.0.27,::1,127.0.0.1)

The two following variants display the same log and do not work better:

• localias run
• sudo localias run

I can't add localias to System Preferences / Security / Local Network. I tried to add it to other section like Accessibility and Developement tool, but it didn't change anything.

I even tried the rm -rf /Users/$(whoami)/Library/Application\ Support/localias command without success.

So I also think, that the issue is around this new multicast entitlement: https://developer.apple.com/forums/thread/663271