"It’s possible to set up your own domain name that happens to resolve to 127.0.0.1, and get a certificate for it using the DNS challenge. However, this is generally a bad idea and there are better options."
Why is it a bad idea? And why would the other options like self-signed be better?
I forgot to mention it was a local dev. Well, it’s actually more for an internal network with no registered domain than for a local dev.
So it’s just about the fact that it is “technically easier”, right?
Another question if you don’t mind. It is also said in the doc that "If you want a little more realism in your development certificates, you can use minica to generate your own local root certificate."
It's closer to the production environment (because with a "real" CA, you don't have a self-signed certificate, but a certificate signed by an intermediate signed by a trusted root).
You could also argue that it's a little more secure because you can be even more sure that the key is right and that the CA didn't make a mistake. And you can keep the existence of your project a secret from everyone in a way that you can't do with a public certificate authority.
Anyway, I had to use makecert in the end… I needed something easy and quick… minica’s doc and support are not giving information on how to use the generated files… and I know nothing about certs.
minica is even advising you to use makecert actually.
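The local-root setup discussed in this thread, as an added example that is not part of the original posts and is not minica's own code: a root certificate signs a leaf for an internal host name, and a client accepts that leaf only when it trusts that particular root. The host name, root name and the helpers `must`, `issue` and `trusts` are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // abort the demo on an unexpected crypto error
	if err != nil {
		panic(err)
	}
	return v
}

// issue returns a self-signed root CA when parent is nil, else a leaf for host `name` signed by parentKey.
func issue(name string, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))), BasicConstraintsValid: true,
		Subject:      pkix.Name{CommonName: name}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if parent == nil { // root: signs itself and may sign other certificates
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	} else { // leaf: a server certificate for exactly one host name
		tmpl.DNSNames, tmpl.ExtKeyUsage = []string{name}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// trusts reports whether a client that trusts only root accepts leaf for host.
func trusts(root, leaf *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

func main() {
	root, rootKey := issue("constructed dev root", nil, nil) // constructed names throughout
	leaf, _ := issue("app.internal.example", root, rootKey)
	fmt.Println("leaf accepted via local root:", trusts(root, leaf, "app.internal.example"))
}
```

Adding the root to the pool stands in for installing the local root certificate in a client's trust store; the root's private key is the only secret that lets anyone mint further certificates those clients will accept.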