My setup for local HTTPS with mkcert and Caddy

A very rough guide about how I set up my local development environment with HTTPS enabled
June 23, 2025 · 3 min read

Here's the setup I use for local development with HTTPS enabled. This configuration is beneficial if you want to test cookie-based authentication across subdomains, because it installs a wildcard certificate on your computer.

If you intend to follow this post, good luck, as it's essentially a glorified note that I wrote a few years ago when I configured this on my previous computer. Take notes about the changes you make so that you can revert them if something goes wrong later.

Let's get started!

Installing mkcert and Caddy

This setup depends on two tools; here are their installation instructions:

  • mkcert. https://github.com/FiloSottile/mkcert#installation
  • Caddy. https://caddyserver.com/docs/install

Once we have installed both, we can continue with the setup.

Configuring everything

We'll start by creating a local Certificate Authority (CA).

mkcert -install

Now we can generate certificates for the local.dev domain. Feel free to replace local.dev with a domain of your choice!

mkcert "*.local.dev" "local.dev" "localhost" "127.0.0.1" "::1" 

The certificates will be generated in the working directory. I prefer to move them to the /etc/ssl directory, but you can place them wherever you want.

sudo mv ./_wildcard.local.dev* /etc/ssl

Update the /etc/hosts file so that our domain and the subdomains we want resolve to the local machine.

# /etc/hosts
127.0.0.1 localhost api.local.dev local.dev

Let's add a Caddyfile.dev file to our project now; its site blocks will act as reverse proxies sitting in front of whatever development environment we have. Note that you'll need to update the ports to match those of your project. I tend to use port 3000 for the API and 4200 for the web app.

api.local.dev {
  reverse_proxy http://localhost:3000
}

local.dev {
  reverse_proxy http://localhost:4200
  tls /etc/ssl/_wildcard.local.dev+4.pem /etc/ssl/_wildcard.local.dev+4-key.pem 
}

Once that's done, from our project directory, we can run the following command, and the server will start.

sudo caddy run --config ./Caddyfile.dev
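
If a site does not load, two things are worth checking: every site in Caddyfile.dev needs its own /etc/hosts entry (the hosts file has no wildcard support), and every site must be covered by the names passed to mkcert, where *.local.dev matches a single label only. The preflight check below is an added example, not part of the original setup; the function names and the extra admin.api.local.dev site are made up for illustration, and it assumes site addresses are bare host names on unindented lines, as in the Caddyfile above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# Site addresses in a Caddyfile: unindented lines ending in "{", e.g. "api.local.dev {".
caddy_sites() {
  while IFS= read -r line; do
    case "$line" in
      [a-zA-Z0-9*]*"{") printf '%s\n' "${line%?}" | tr -s ', \t' '\n' ;;
    esac
  done < "$1"
}

# True if hosts file $2 maps host $1 to a loopback address.
hosts_loopback() {
  awk -v h="$1" '
    { sub(/#.*/, "") }
    $1 == "127.0.0.1" || $1 == "::1" { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
    END { exit !found }' "$2"
}

# True if host $1 is covered by certificate name $2 (a wildcard spans one label only).
name_covers() {
  case "$2" in
    '*.'*) suffix=${2#\*}              # "*.local.dev" -> ".local.dev"
           label=${1%"$suffix"}        # "api.local.dev" -> "api"
           [ "$label" != "$1" ] && [ -n "$label" ] && case "$label" in *.*) false ;; esac ;;
    *) [ "$1" = "$2" ] ;;
  esac
}

# check_setup CADDYFILE HOSTSFILE CERTNAME... ; prints one line per problem found.
check_setup() {
  caddyfile=$1 hostsfile=$2; shift 2
  caddy_sites "$caddyfile" | while IFS= read -r site; do
    hosts_loopback "$site" "$hostsfile" || echo "$site: no loopback entry in hosts file"
    covered=no
    for name in "$@"; do
      if name_covers "$site" "$name"; then covered=yes; fi
    done
    [ "$covered" = yes ] || echo "$site: not covered by the certificate names"
  done
}

# Constructed sample: the post's files plus one extra site, admin.api.local.dev.
demo=$(mktemp -d)
printf '%s\n' 'api.local.dev {' '  reverse_proxy http://localhost:3000' '}' \
  'local.dev {' '}' 'admin.api.local.dev {' '}' > "$demo/Caddyfile.dev"
echo '127.0.0.1 localhost api.local.dev local.dev' > "$demo/hosts"
check_setup "$demo/Caddyfile.dev" "$demo/hosts" '*.local.dev' local.dev localhost
```

Against the real files, the call would be check_setup ./Caddyfile.dev /etc/hosts "*.local.dev" local.dev localhost, using the same names that were given to mkcert.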

Since I mostly work in Node.js projects, I need to tell Node.js to trust the CA we created in the first step of this setup. That can be done by adding this to either your .bashrc or .zshrc file, depending on the shell you use:

export NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem"

That's about it; other runtimes may require a similar approach. If you got to this point, I trust you can look that up :)
