by mic159 2721 days ago
What's wrong with Let's Encrypt and the DNS challenge? Then you get a globally recognised cert.
3 comments

Nothing, but that's not what this is for at all.
You cannot use them for localhost
Seems a lot easier to register your own domain (useful for so many other things), point localhost.mydomain.com to 127.0.0.1 and run:

    sudo apt-get -yy install --no-install-recommends certbot
    mkdir -p le
    certbot --work-dir ./le --logs-dir le --config-dir le -d localhost.mydomain.com --manual --preferred-challenges dns certonly
Follow the instructions for adding the TXT record, and you have a valid cert in minutes.
Yes you can. You control the DNS, just point that subdomain to 127.0.0.1.
That's what I use, Caddy webserver with Gandi DNS (also used Route53 in the past) handling the ACME challenge and a `*.l.mydomain.tld` pointing to 127.0.0.1.

Adding reverse proxies for different local services becomes a piece of cake, but mkcert allows you to use `localhost` directly if needed. Personally I never have and like not having to make any changes to the trust store.
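
The setup described above (wildcard `*.l.mydomain.tld` pointed at 127.0.0.1, Caddy doing the DNS challenge, one reverse proxy per local service), as an added example Caddyfile that is not from the thread or from the Caddy project itself. It assumes a Caddy binary built with the Gandi DNS plugin and an API token exported as `GANDI_BEARER_TOKEN`; the plugin build command and the env var name are assumptions, and `mydomain.tld` plus the backend ports are placeholders.

```caddyfile
# Added example (not from the thread): wildcard cert for *.l.mydomain.tld via the
# ACME DNS-01 challenge, with a per-hostname reverse proxy to local services.
# Assumes: Caddy built with `xcaddy build --with github.com/caddy-dns/gandi`
# (assumption), API token in env var GANDI_BEARER_TOKEN (assumption),
# and a DNS record `*.l.mydomain.tld A 127.0.0.1` (placeholder domain).

*.l.mydomain.tld {
	# Wildcard names can only be validated with DNS-01, so Caddy uses the
	# DNS plugin to publish the _acme-challenge TXT record and clean it up.
	tls {
		dns gandi {env.GANDI_BEARER_TOKEN}
	}

	# One matcher + handler per local service (placeholder ports).
	@grafana host grafana.l.mydomain.tld
	handle @grafana {
		reverse_proxy 127.0.0.1:3000
	}

	@api host api.l.mydomain.tld
	handle @api {
		reverse_proxy 127.0.0.1:8080
	}

	# Any other name under the wildcard gets an explicit 404 instead of
	# silently falling through to the first backend.
	handle {
		respond "unknown local service" 404
	}
}
```

Scope the DNS API token to this zone only, since whoever holds it can obtain certificates for any name under it. A single wildcard cert also keeps the individual service hostnames out of Certificate Transparency logs, where per-name certificates would be listed.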

Why do you need a reverse proxy? The DNS challenge works without https.