
~ Local TLS certificates with Caddy

This short guide shows how to use Caddy as a web server that issues local TLS certificates, so you can develop websites over HTTPS immediately. Having a local HTTPS server in development can help with, for example, debugging CORS issues, accessing resources which require an HTTPS connection, or trying out analytics platforms.

1. Configure your hosts file

If you want to use a domain name, first add a line to /etc/hosts which, in this case, makes example.com resolve to localhost (127.0.0.1):

echo "127.0.0.1 example.com" | sudo tee -a /etc/hosts

2. Configure Caddy

In a directory of your choosing, create a Caddyfile that sets Caddy to automatically generate certificates on the fly for example.com or any other domain name. You may need to trust the main Caddy certificate on first use. The Caddyfile has the following content:

{
    # Enable the internal CA
    local_certs
}

example.com {
    root * .
    file_server
    tls internal
}

3. Create a test site

In the same directory, create an index.html file with contents similar to the following, or use your local website:

<html lang="en">
<head>
    <meta charset="UTF-8">
</head>
<body>
    <h1>Hello World!</h1>
</body>
</html>

4. Start the Webserver

Still in the same directory as the Caddyfile and the index.html file, run the following command to start the Caddy web server: caddy run

5. Trust the locally generated certificate

On macOS this means adding the local Caddy root certificate to your keychain. It can be found here: /data/caddy/pki/authorities/local/root.crt. In other environments a similar step is needed.

6. Access the test site

Open your web browser and navigate to https://example.com to access the test site, or from the command line: open https://example.com. If you inspect the certificate, it should be issued by the ‘Caddy local authority’.
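
The checks below are an added example, not part of the original guide: a shell script that confirms the hosts entry from step 1, that the served certificate is issued by Caddy's internal CA, and that the chain validates against the Caddy root alone, without relying on the system trust store. The function names and the CADDY_ROOT variable are assumptions of this example; the default path is the one given in step 5.

```shell
#!/bin/sh
# Added example: post-setup checks for the local Caddy HTTPS site.
# Function names and CADDY_ROOT are assumptions of this example.

# Root certificate path as given in step 5; override for your environment.
CADDY_ROOT="${CADDY_ROOT:-/data/caddy/pki/authorities/local/root.crt}"

# hosts_maps_loopback FILE NAME: succeed only if an uncommented line in FILE
# maps NAME to 127.0.0.1 or ::1.
hosts_maps_loopback() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        $1 == "127.0.0.1" || $1 == "::1" {
            for (i = 2; i <= NF; i++) if ($i == name) found = 1
        }
        END { exit !found }' "$1"
}

# is_caddy_local_issuer ISSUER: succeed if the issuer string names the
# Caddy internal CA (case-insensitive match).
is_caddy_local_issuer() {
    printf '%s\n' "$1" | grep -qi 'caddy local authority'
}

# served_issuer HOST: print the issuer of the certificate served on HOST:443.
served_issuer() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -issuer
}

# check_site HOST: run all checks; needs Caddy running (step 4).
check_site() {
    hosts_maps_loopback /etc/hosts "$1" ||
        { echo "no loopback entry for $1 in /etc/hosts"; return 1; }
    is_caddy_local_issuer "$(served_issuer "$1")" ||
        { echo "certificate for $1 is not issued by the Caddy local CA"; return 1; }
    # Validate the chain against the Caddy root only, not the system store.
    curl --silent --fail --output /dev/null --cacert "$CADDY_ROOT" "https://$1/" ||
        { echo "chain does not verify against $CADDY_ROOT"; return 1; }
    echo "ok: $1 is served locally with a Caddy-issued certificate"
}

# Run the live checks only when asked: sh check.sh --check example.com
if [ "${1:-}" = "--check" ]; then check_site "${2:-example.com}"; fi
```

When development is finished, remove the example.com line from /etc/hosts again so the name resolves to the real domain.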