DEV Community

tommy george
tommy george

Posted on β€’ Originally published at tommygeorge.com

1

No more self signed certificate warnings: HTTPS local development using Caddy 2 on macOS

Cross posted from my blog (from January 1). Hopefully useful in this wider community. =)


Relatively recently, I saw Wes Bos' YouTube Short about local https with Caddy.

I tried exactly that, but kept getting the self-signed certificate warnings in browsers. Boo! I figured there must be an extra step on my machine.

TL;DR: This is how I got it working: Install certutil

# Install `certutil`:
brew install nss
Enter fullscreen mode Exit fullscreen mode

So, brew install nss, and then caddy file-server --domain tg.localhost, or even stuff like caddy reverse-proxy --from tg.localhost --to http://localhost:1313.

The first time you run Caddy, it will prompt for your system password to install a trusted root cert. After that, no more "self signed certificate" warnings.

And yes: Change tg.localhost to just about anything you want. Open it in your browser, and it should "just work"!

How I figured it out

When running things like caddy file-server --domain tg.localhost, I noticed warnings in the output. This was while Caddy was trying to create/install the root certificate, and suggesting to install certutil:

WARN    pki.ca.local    installing root certificate (you might be prompted for password)    {"path": "storage:pki/authorities/local/root.crt"}
INFO    warning: "certutil" is not available, install "certutil" with "brew install nss" and try again
Enter fullscreen mode Exit fullscreen mode

It did prompt for local machine password a couple times, so I figured whatever fallback mechanism it was using would be working. But apparently not. Because I was still seeing "self signed" certificate warnings.

I've never used certutil, so wasn't familiar. But I decided to try it and ran brew install nss per the recommendation from Caddy output.

To be sure, I ran caddy trust, (while caddy run was running in another terminal!) and it worked flawlessly.

In subsequent tests, I haven't had to untrust/trust. It "Just Works", as long as certutil is already installed.

Hope that's helpful!

Billboard image

Synthetic monitoring. Built for developers.

Join Vercel, Render, and thousands of other teams that trust Checkly to streamline monitor creation and configuration with Monitoring as Code.

Start Monitoring

Top comments (0)

Cloudinary image

Video API: manage, encode, and optimize for any device, channel or network condition. Deliver branded video experiences in minutes and get deep engagement insights.

Learn more

πŸ‘‹ Kindness is contagious

Discover a treasure trove of wisdom within this insightful piece, highly respected in the nurturing DEV Community enviroment. Developers, whether novice or expert, are encouraged to participate and add to our shared knowledge basin.

A simple "thank you" can illuminate someone's day. Express your appreciation in the comments section!

On DEV, sharing ideas smoothens our journey and strengthens our community ties. Learn something useful? Offering a quick thanks to the author is deeply appreciated.

Okay