Caddy local CA

• 1 min read

Firefox does not recognize Caddy's local Certificate Authority by default.

When running Caddy locally, it will also generate its own local Certificate Authority (CA). Caddy will use this CA to sign certificates for local HTTPS.

This is pretty cool! But Caddy’s local HTTPS does not work in Firefox by default. When running Caddy on localhost, Firefox will show the error code SEC_ERROR_UNKNOWN_ISSUER when visiting https://localhost (other browsers like Safari don’t have this issue).

SEC_ERROR_UNKNOWN_ISSUER error in Firefox when visiting https://localhost.

Visiting https://localhost in Firefox when running Caddy on localhost.

Turns out that Firefox does not recognize Caddy’s local CA by default. And you have to manually import Caddy’s local root certificate into Firefox.

How to import Caddy’s local root certificate into Firefox?

  1. Open Firefox and go to about:preferences#privacy.

  2. Scroll down to the Security > Certificates section, and click View Certificates.

Certificate settings in Firefox.
Viewing certificates in Firefox.
  1. Select the Authorities tab, and click Import.
Authorities in Firefox's Certificate Manager.
Importing a new CA in Firefox.
  1. Find Caddy’s local root certificate in its data directory, and open it. On a Mac it’s located at ~/Library/Application\ Support/Caddy/pki/authorities/local/root.crt.
Caddy's local root certificate location on a Mac.
Finding Caddy’s local root certificate on a Mac.
  1. Check the Trust this CA to identify websites checkbox, and click OK.
Certificate trust dialog in Firefox.
Trusting Caddy’s local CA.
  1. The Caddy Local Authority should now be listed in the Authorities tab.
Caddy's local CA in Firefox's Certificate Manager.
Successfully importing Caddy’s local CA.
  1. Restart Firefox, and accessing localhost over HTTPS will now work!



Thanks for reading!
If you have ideas how to improve this post, let me know on GitHub.