Several years ago, when I was still doing a lot of web development in Ruby, I used Pow. Pow made a lot of local networking tasks easier (or rather, often prevented the need to do anything), especially when switching between several projects. When using Pow, (Rack) apps would be accessible at appname.dev, and ever since I've used myapp.dev for local development when 'localhost' wouldn't cut it.

I'm not the only one to make heavy use of .dev, so I was able to find several posts when one day it stopped working. Turns out, Google owns .dev now, and all indications suggest they are keeping it for internal use. However, as .dev is also now in the HSTS preload list, undesired behavior when doing local development for the rest of us is basically a given.

When researching the problem, I learned that .localhost is reserved (along with .test, .invalid, and .example) for exactly this scenario. Because I want as much production parity as possible, I also wanted to solve the problem of having accepted certificates when building webapps served locally over HTTPS. Wondering if Let's Encrypt had anything to solve the issue, I came across this article. From there, I grabbed and used Minica (another golang tool) and took the following steps.

  • mkdir -p directory/for/local/certificates
  • cd directory/for/local/certificates
  • go get github.com/jsha/minica
  • minica -domains 'myapp.localhost'
  • openssl x509 -in minica.pem -inform PEM -out minica.crt
  • sudo mkdir -p /usr/share/ca-certificates/extra
  • sudo cp minica.crt /usr/share/ca-certificates/extra
  • sudo dpkg-reconfigure ca-certificates
  • cp myapp.localhost/*.pem path/that/can/serve/up/certificates

I didn't dig into whether or not sufficient restarting of things would matter for browsers picking up the new root cert from the OS, so I just added the root cert to both Chrome and Firefox. The benefit of Minica with regard to browsers is that each new app I create, and therefore each new cert, is done from that root cert Minica first created. Therefore, importing into browsers is just a one-time thing as the root cert is trusted.
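A check worth running after the steps above, as an added example that is not part of the original post or of Minica itself: it confirms the leaf chains to the imported root, covers the hostname, and that the root key is private, since anyone who can read that key can issue certificates this machine and its browsers will trust. It assumes Minica's output file names (minica.pem, minica-key.pem, and cert.pem inside the domain directory); the function name check_local_cert is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check Minica output before relying on it.
# Assumed layout: DIR/minica.pem, DIR/minica-key.pem, DIR/DOMAIN/cert.pem

# check_local_cert DIR DOMAIN
# Returns 0 when every check passes; prints the failing check and returns 1 otherwise.
check_local_cert() {
    clc_root=$1/minica.pem
    clc_root_key=$1/minica-key.pem
    clc_leaf=$1/$2/cert.pem

    # 1. The leaf must chain to the root that was added to the trust stores.
    if ! openssl verify -CAfile "$clc_root" "$clc_leaf" >/dev/null 2>&1; then
        echo "FAIL: $clc_leaf does not verify against $clc_root"
        return 1
    fi

    # 2. The leaf must cover the hostname the app is served on.
    #    -checkhost reports "does match" or "does NOT match", so test the text.
    if ! openssl x509 -in "$clc_leaf" -noout -checkhost "$2" 2>/dev/null |
            grep -q 'does match'; then
        echo "FAIL: $clc_leaf is not valid for $2"
        return 1
    fi

    # 3. The root key signs for any name, so group and others get no access.
    #    Characters 5-10 of the ls mode string are the group/other bits.
    clc_perms=$(ls -l "$clc_root_key" | cut -c5-10)
    if [ "$clc_perms" != "------" ]; then
        echo "FAIL: $clc_root_key is accessible to group/others (chmod 600 it)"
        return 1
    fi

    echo "OK: $2 chains to $clc_root and the root key is private"
    return 0
}

# Run directly as: sh check.sh directory/for/local/certificates myapp.localhost
if [ "$#" -eq 2 ]; then
    check_local_cert "$1" "$2"
fi
```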