I was reading through the (site.letsencrypt.org/docs/certificates-for-localhost/) and understand why certs can’t be issued for localhost. I’m working on a web app where HTTPS is required to test features like secure cookies and service workers.
I’ve generated a self-signed cert using the openssl command from the docs:
The cert installs fine on my system, but I still get browser warnings (especially in Chrome). I’ve added the cert to my macOS keychain and marked it as trusted, but the warning persists.
Has anyone managed to get Chrome or other browsers to fully trust a self-signed cert on localhost? Or is using a local CA (like minica) the only reliable way?
Would appreciate any tips or clarification—this has been tricky to get right.
Is your web application already released? Do you have a normal URL for it that's available to everyone, with a proper certificate?
If yes, I would just use the same hostname in the SRV record and point it to 127.0.0.1 and use your normal certificate.
I'm quite intrigued by the actual example they provided in the manual about localhost.example.com, but what I’m proposing isn’t really the same as that.
If you have the domain name example.com, you can utilize the DNS-01 challenge to get a certificate for that domain (or any subdomain). You can then configure public or local DNS to route example.com onto 127.0.0.1.
I usually set dev.example.com to resolve to 127.0.0.1 on the public nameservers whenever I get a new domain. Occasionally I map the DNS for example.com on my LAN or machine onto 127.0.0.1, but I really only do that when trying to ensure sandboxed cookies are isolating correctly.