Installing local certificate using mkcert and caddy

If you are using Caddy and want a valid local certificate for your development environment you can use mkcert. Here’s how:

Install mkcert:

Download and install the latest release of mkcert:

wget -O mkcert https://dl.filippo.io/mkcert/latest?for=linux/amd64
chmod +x  mkcert
sudo mv mkcert /usr/local/bin

Create Local Certificates

Generate local certificates, replacing local.dev with your local domain:

mkcert --cert-file localhost.crt --key-file localhost.key localhost 127.0.0.1 ::1 local.dev "*.local.dev"

This will generate localhost.crt and localhost.key.

Install Certificates

Install the certificates on your machine:

mkcert -install

Tip!

If you receive a warning about “certutil” not being available, install nss-tools using your distribution’s package manager and rerun mkcert -install.

Configure Caddy

Move the certificate files to a folder (e.g., certs) for easier mounting if using Caddy with Docker. Then, update your Caddyfile:

(tls) {
  encode gzip
  tls /certs/localhost.crt /certs/localhost.key {
    on_demand
  }
}

syncthing.local.dev {
  import tls
  reverse_proxy syncthing:8384
}

With this, Caddy serves syncthing.local.dev using the certificate generated by mkcert.

Using wildcard domains?

If you need *.local.dev to resolve to a specific IP on your network, see how to configure wildcard domains in Pi-hole.