Worked like a champ! Updated a few services/servers, and the green padlock appeared.
Seems a lot easier to register your own domain, which is useful for so many other things too, point localhost.mydomain.com to 127.0.0.1 and run:
sudo apt-get -yy install --no-install-recommends certbot
mkdir -p le
certbot --work-dir ./le --logs-dir le --config-dir le -d localhost.mydomain.com --manual --preferred-challenges dns certonly
Follow the instructions adding the TXT record, you have a valid cert in minutes.
It also proves useful if you have to use SaaS services like BrowserStack who completely overlook and do not cater for the really common case of localhost SSL connections.
…alternatively run Chrome with --allow-running-insecure-content --disable-web-security.
Last time I saw this it didn’t have ACME support, that’s really neat for pre-prod testing.