Setting Up HTTPS Locally with mkcert
This guide explains how to set up self-signed certificates using mkcert to enable HTTPS for:
- app.localhost β Frontend
- localhost β Homarr homepage
- docs.localhost β Documentation
π Prerequisitesβ
Ensure you have brew installed (for macOS users).
πΉ Step 1: Install mkcert and NSSβ
brew install mkcert nss // needed for cross-platform compatibility (e.g. Firefox)
mkcert -install
πΉ Step 2: Generate SSL Certificatesβ
mkcert -cert-file certs/cert.crt -key-file certs/key.pem app.localhost localhost docs.localhost
This creates a certificate valid for app.localhost, localhost, and docs.localhost.
πΉ Step 3: Convert to PEM Formatβ
openssl x509 -in certs/cert.crt -out certs/cert.pem -outform PEM
πΉ Add Certificate to System Trust Storeβ
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain certs/cert.pem
π Final Step: Restart Docker & Servicesβ
make compose-down
docker stop $(docker ps -a -q) # Stop all running containers
make dev
π Troubleshootingβ
1. Browser Still Shows "Not Secure"?β
- Try opening in Incognito Mode or clearing cache.
- Restart your browser after adding the trusted certificate.
- Ensure Traefik is correctly configured in
dynamic.ymlto use the generated certs.
2. Certificate Not Recognized?β
- Run the following command to reinstall mkcert's local CA:
mkcert -install
3. Verify that the certificate contains the expected domains:β
openssl x509 -in certs/cert.crt -text -noout | grep -A 2 "Subject Alternative Name"
should output:
X509v3 Subject Alternative Name:
DNS:app.localhost, DNS:localhost, DNS:docs.localhost