Subject Alternate Name & Chrome 48
dipl.io 1.0.1 will be ready in a few days.
Development was fast and then ground to a halt when I was unable to even reach my development server. Chrome mysteriously invalidated my self-signed certificate, which had been working great for over a year. Surprise! Chrome 48 upped its standards for SSL certificates.
A big thanks to Alexander Zeitler for his blog post describing the steps to work around it. The new certificates have been committed to github. For those that use the development certificates—nobody beyond me, as far as I know—you will need to delete the old ones from your keychain, add the new rootCA.pem, and modify the nginx configuration to point to them.