How to communicate with localhost service from a https page


#1

It’s not a Let’s Encrypt problem, just a https question.

I’m building a client that will runs on users’ pc. And will communicate with official webpage (like Steam, but need response, just using URL Protocol not works)

I built a simple webserver, which will listen on 127.0.0.1, and set CORS on, bundled in the client. It works great until i’m trying to make my webpage secured.

In a https webpage, I can’t make any plain http or websocket request, even to 127.0.0.1, will be blocked by browser.

I tryied resolv local.mydomain.com to 127.0.0.1, then request a ssl certificate for it, and bundle certificate and private key in the client, then let client to serve as https.

It seems well but:
Let’s Encrypt certificate is valid for just 3 month, even i do auto update when client open , if a user not use it for months, or if auto update failed, it will be broken. The worst thing is, i can’t request cert again since it’s resolved to 127.0.0.1.

Even use other ssl provider, it’s just valid for one year, not solving this problem.

Any good idea?


#2

If you’re using a local webserver that will run on a client’s system, you can always use a self-signed certificate and load it as a local trust in the built-in client. Do keep in mind that if communication is all happening locally, you probably won’t gain too much benefit from secure communication directly, especially as you’ll need to load the private key on an uncontrolled system.