DEV Community

Ivan Starkov

Fast and easy way to set up web developer certificates

These days cookie-based auth and similar features depend on HTTPS, so we need an HTTPS-enabled local web environment.

Previously I used minica to generate local certificates.

The main issue is that you need a big README for macOS, Linux and Windows users explaining how to regenerate keys, how to add the minica certificate to Keychain, and how to change the hosts file.

Since we use VS Code Remote for development, it was twice the work to register all those keys on both local and remote machines.

The solution below doesn't need any setup from developers.

Solution in short

Register A records for development with your DNS provider, like:


Then use the Let's Encrypt certbot plugin for your provider to generate the needed certificates.

They are already trusted, and the only issue is the 3-month expiration period, which can easily be handled with cron.

Full solution.

In our case we use Cloudflare as DNS.
Generating certificates for a few domains on Cloudflare looks like this:

Create a Cloudflare API token


mkdir -p /tmp/certbot/
mkdir -p /tmp/letsencrypt/

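# Write the certbot credentials file; the token is read from the environment.
cat > /tmp/certbot/cloudflare.ini <<-DOCKERFILE
  dns_cloudflare_api_token = ${TF_VAR_CLOUDFLARE_API_KEY}
DOCKERFILE
# Keep the API token readable by its owner only.
chmod 600 /tmp/certbot/cloudflare.ini

# YOUR_EMAIL, YOUR_DOMAIN_1 and YOUR_DOMAIN_2 are placeholders: substitute your own values.
docker run -it --rm --name certbot  \
-v "/tmp/letsencrypt/data:/etc/letsencrypt" \
-v "/tmp/certbot:/local/certbot" \
certbot/dns-cloudflare:v1.15.0 certonly \
-m YOUR_EMAIL \
--dns-cloudflare \
--dns-cloudflare-credentials /local/certbot/cloudflare.ini \
--agree-tos \
--noninteractive \
-d YOUR_DOMAIN_1 \
-d YOUR_DOMAIN_2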

#,, must have A records on cloudflare pointing to

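# live/ holds one directory per certificate, so copy the PEM files from inside it.
cp /tmp/letsencrypt/data/live/*/*.pem ./
# HAProxy expects the certificate chain and the private key in a single file.
cat ./fullchain.pem ./privkey.pem > ./haproxy.pem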

That's all. Now, for Node.js apps, use the following https options:

key: fs.readFileSync('./privkey.pem'),
cert: fs.readFileSync('./fullchain.pem'),

For HAProxy, use haproxy.pem as in the simple config below:

# haproxy -f ./playground/haproxy-http-2.cfg -db

frontend rgw-https
  bind *:3009 ssl crt /root/realadvisor/https-dev-keys/haproxy.pem alpn h2,http/1.1
  default_backend rgw

backend rgw
  balance roundrobin
  mode http
  server  rgw1 BACKEND_HOST:BACKEND_PORT check  # placeholder address: substitute your backend
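
The post says the 3-month expiry can be handled with cron; the shell script below is an added example of that and is not part of the original post. It reuses the post's host paths and image tag, while `OUT_DIR`, the function names and the crontab path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Renews the certificates issued
# above and rebuilds haproxy.pem; meant to be run daily from root's crontab:
#   17 3 * * * /usr/local/bin/renew-dev-certs.sh run   (hypothetical path)
set -eu
LE_DIR="${LE_DIR:-/tmp/letsencrypt/data}"   # host side of /etc/letsencrypt (from the post)
CB_DIR="${CB_DIR:-/tmp/certbot}"            # holds cloudflare.ini (from the post)
OUT_DIR="${OUT_DIR:-.}"                     # where the apps read the PEMs (assumption)

# certbot renews only certificates close to expiry, so a daily run is safe.
# The mounts must match the first run: the saved renewal config points at
# /local/certbot/cloudflare.ini inside the container. No -it: cron has no TTY.
renew_certs() {
  docker run --rm --name certbot \
    -v "$LE_DIR:/etc/letsencrypt" \
    -v "$CB_DIR:/local/certbot" \
    certbot/dns-cloudflare:v1.15.0 renew --noninteractive
}

# Install the PEMs from lineage directory $1 into $2 and rebuild haproxy.pem.
# Prints "updated" or "unchanged"; returns non-zero without touching the
# existing bundle if a source file is missing.
install_bundle() {
  src=$1 dst=$2
  tmp=$(mktemp "$dst/.haproxy.pem.XXXXXX") || return 1   # created with mode 0600
  if ! cat "$src/fullchain.pem" "$src/privkey.pem" > "$tmp" 2>/dev/null; then
    rm -f "$tmp"; return 1
  fi
  if cmp -s "$tmp" "$dst/haproxy.pem" 2>/dev/null; then
    rm -f "$tmp"; echo unchanged; return 0
  fi
  cp "$src/fullchain.pem" "$src/privkey.pem" "$dst/" &&
    chmod 600 "$dst/privkey.pem" &&
    mv "$tmp" "$dst/haproxy.pem" &&           # atomic swap: no half-written bundle
    echo updated
}

main() {
  renew_certs
  # One certificate covers all -d names, so live/ holds one lineage directory.
  for dir in "$LE_DIR"/live/*/; do
    state=$(install_bundle "$dir" "$OUT_DIR") || exit 1
    [ "$state" = unchanged ] || echo "new certificate: reload haproxy, restart Node.js apps"
  done
}

if [ "${1:-}" = run ]; then main; fi
```

Many systems clear /tmp on reboot, which would discard certbot's account and renewal state, so set `LE_DIR` and `CB_DIR` to a persistent directory and use the same one for the first issuance.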

This is the fast and simple way I now prefer for getting development certificates, and it doesn't need any additional documentation for developers.
