Hey @iMark thanks for the question! We don’t have any specific steps for using mkcert with Local. One thing you could try (but be careful!) is to let Local generate its certificate first so that the various nginx config is created, then use mkcert to re-generate the key+cert. The location that Local saves its certificates is in the user config folder, in the run/router/nginx/certs path. On macOS that looks something like:
I’d be curious to hear your experience if you do go that route.
Additionally, I’d love to know what kinds of issues you’ve come across with those certificates!
As it is now, Local uses our own tool to generate certs which is based on mkcert, but written in node. This was because at the time we were implementing SSL, mkcert didn’t support Windows and we didn’t have experience using golang.
Anyway, it looks like these days, mkcert supports Windows, so I’ve put a ticket in our backlog to explore replacing our implementation with mkcert. I know that we also have some work ear-marked to explore a different approach that wouldn’t require generating certs for each site.
Thanks for getting back to me.
I’ll give what you suggest a try.
I’ve found the SSL certs created by Local did not work. Still getting insecure warning and certs not trusted in all browsers.
I’m spending this weekend with it testing etc.
So I will keep you posted.
Well I’ve done extensive testing on Windows 11, openSUSE Slowroll Linux, and macOS Sonoma using LocalWP. LocalWP certs all throw up errors:
“Your connection to this site is not secure”, “This site can’t provide a secure connection”, etc.
On Firefox I get two errors: ERR_SSL_PROTOCOL_ERROR and PKIX ERROR CA CERT USED AS END ENTITY.
What I’ve done on all operating systems is to find where the LocalWP certs are stored.
I’ve created new certs using MKCERT. This creates two files ending in .pem. I just renamed them to .crt and .key. Then replaced them in the relevant folders.
Restarted LocalWP and everything works fine on all operating systems.
I don’t even have to trust the certificates in LocalWP. I’m guessing that’s because the ROOT CA has been added to the trust stores when I’ve run MKCERT -install.
The only issue I have now is when I click open site button or wp admin button.
LocalWP takes me to the http version of the site. I’ve noticed this is a known bug, and you’ve replied to this in other threads in the community. What’s sad is this bug is more than a year old and still hasn’t been addressed. No matter, as I get round it by forcing https in the browser, or I just type the URLs straight into the browser.
LocalWP is fast and with the MKCERT workaround it’s everything I need. Prior to that I was using docker to spin up local sites. This was a pain and quite complex. LocalWP speeds up my workflow.
Look forward to what the future will bring to LocalWP re ssl and I hope that the http bug gets resolved. At the minute I can get it to work for everything I need.
Thanks for your help and maybe this workaround solution can help someone else.
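The workaround described in this thread, written as an added example that is not part of the original posts and is not Local's or mkcert's own code: it backs up the existing pair, has mkcert write directly to Local's file names, then checks that the result is a leaf certificate (not one marked CA:TRUE, the condition the Firefox error above names) that chains to the mkcert root. Assumptions: `CERT_DIR` is Local's `run/router/nginx/certs` folder on your OS, the files there are named `<domain>.crt` and `<domain>.key`, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not Local's or mkcert's own code).
# Assumptions: CERT_DIR is Local's run/router/nginx/certs folder for your OS,
# and the site's files there are named <domain>.crt and <domain>.key.

# Reads `openssl x509 -noout -text` output on stdin and prints "ca" when the
# certificate carries basicConstraints CA:TRUE, otherwise "leaf".
cert_role() {
  if grep -q 'CA:TRUE'; then echo ca; else echo leaf; fi
}

# Back up the existing pair, issue a new one with mkcert, then verify it.
replace_local_cert() {
  domain=$1
  cert_dir=$2
  crt="$cert_dir/$domain.crt"
  key="$cert_dir/$domain.key"

  if [ ! -f "$crt" ] || [ ! -f "$key" ]; then
    echo "no existing $domain.crt/.key in $cert_dir; let Local create the site first" >&2
    return 1
  fi

  stamp=$(date +%Y%m%d%H%M%S)
  cp -p "$crt" "$crt.bak.$stamp" || return 1
  cp -p "$key" "$key.bak.$stamp" || return 1

  # Write straight to Local's file names, so no renaming of .pem files is needed.
  mkcert -cert-file "$crt" -key-file "$key" "$domain" || return 1
  chmod 600 "$key"

  # A server certificate must not be a CA certificate.
  role=$(openssl x509 -in "$crt" -noout -text | cert_role)
  if [ "$role" != "leaf" ]; then
    echo "$crt is marked CA:TRUE; Firefox rejects that as a server cert" >&2
    return 1
  fi

  # The new certificate must chain to the root that `mkcert -install` trusted.
  openssl verify -CAfile "$(mkcert -CAROOT)/rootCA.pem" "$crt"
}

# Usage: ./replace-cert.sh <domain> <CERT_DIR>, then restart Local.
if [ "$#" -eq 2 ]; then
  replace_local_cert "$1" "$2"
fi
```

Keep the `.bak.*` copies until the site loads over https in every browser you test; restoring them returns Local to its original certificate.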