Problem with virtual host on Ubuntu development machine (Apache2) : HSTS error

I had this problem with Google Chrome before, but now I have it with Firefox as well:

I'm running Ubuntu 17.10 on my laptop, with apache2. This is a development machine so I have numerous php sites defined as virtual hosts. This used to work perfectly on both chrome and firefox. But a couple of weeks (?) ago Chrome refused service, and now Firefox thinks it has to protect me from my own code.  I don't know if the problem is caused by a recent updat of Chrome or Firefox, or if this is caused by an apache update.

Now I can't access any of these virtual hosts anymore. I get some crap message about "Your connection is not secure" and some stuff about HSTS.
The thing is : I don't use https for these sites, and I don't want to use it.  All I'm developing are intranet applications NOT even accessible outside our company network, so I don't need HTTPS, and I couldn't even get certificates if I tried since there is no "official" domainname linked to these sites (they're all .lan, or .dev names)

I wasted a full day on this crap and nothing seems to work. How do I disable HSTS completely on my locally installed apache2 on MY OWN laptop? These sites on my laptop are development versions not accessible outside my laptop, so I don't need this.
Disabling HSTS for any .dev website would also be a solution.

Or alternatively does anyone know of a recent step by step "how to"  on using self-signed certificates that does work? I've tried several today but none of them seem to work in this situation.

Does anyone have a solution to this annoyance? I have deadlines, and they are approaching fast.
BelgianITGuyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BelgianITGuyAuthor Commented:
Ok, so I've finally found an explanation.
https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/

Apparently .dev is now a registered gtld and mozilla and chrome force hsts for .dev domain. I'll change my development suffix to .test.
dot test is apparently reserved for testing and development so this problem should not occur in the future.

This should fix it.

I'll try this later tonight and then close this question
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BelgianITGuyAuthor Commented:
changed my domain names from <websitename>.dev to .test and now it works
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.