Shami's Blog

Sysadmin, Because Even Developers Need Heroes

HOWTO - Letsencrypt Certificates for localhost


A few days ago I discovered * which is a neat service that allows you to access localhost with multiple hostnames allowing the creation of multiple development sites without having to use http://localhost/(site1|site2|site3). We all know that has some difficulties when it comes to moving those sites to production. Not all CMS’s and frameworks support an easy migration.

One disadvantage as described on their website is SSL. You can always use a self-signed certificate, but where is the fun in that?

A good way to do it is LetsEncrypt . If you have your own domain, you can just use the DNS provider with ClouDNS or Cloudflare . If you don’t already have a domain, the cheapest TLD I could find was .ovh which at the time of writing only costs 3.19$ per year.

Both Cloudflare and ClouDNS offer free plans. I happen to use Cloudflare because I utilize their other services.

I will be using my favorite ACME client, lego . I don’t see much written about lego even though it’s very simple to use. lego supports the following providers .

Generate an API token

  1. Go to “My Profile”
  2. Click on “API Tokens”
  3. Click on “Create Token”
  4. Click on “Edit zone DNS”
  5. For “Zone Resources”, choose your domain. This gives the least privileges possible to this token
  6. Click on “Continue to summery”
  7. Click on “Create Token”
  8. Store your token securely, this has access to modify your account.
  9. Add an A record with the name *.dev and the value to your domain

For the purpose of this HOWTO, I will be using the domain and the Windows binary for lego. Configuration for other platforms should be similar.

Setting up lego

  1. Download the binary from here
  2. Run the code below
SET [email protected]
SET CF_DNS_API_TOKEN=b9841238feb177a84330febba8a83208921177bffe733
lego -a --dns cloudflare --domains * --email [email protected] run

Now inside .lego/certificates you will find the newly generated certificate which you can use with

About Me

Dev gone Ops gone DevOps. Any views expressed on this blog are mine alone and do not necessarily reflect the views of my employer.

twitter linkedin