If you want to set up actual trusted SSL certificates locally, you can do that using Let’s Encrypt.

But why?

If you have a local development environment, this approach makes sense. You could use self-signed certificates, but then you would have to trust the CA in each of your browsers, and that gets harder when the certificate must be trusted across a bunch of devices on the local network.

Requirement

You need a publicly registered domain name that you can add TXT records to.

I have a Debian 10 virtual machine running at 192.168.33.14. I have a domain pointed to it. The domain in this case is jenkins.devops.esc.sh.

The setup

Step 1 - Install Certbot

Assuming you are using a Debian virtual machine:

sudo apt install certbot python3-certbot-nginx

Step 2 - Fetch certificate using DNS challenge

certbot -d your-domain.com --manual --preferred-challenges dns-01 certonly

This will put you in a prompt like the one below. Press Y for the question about logging the IP address.

root@jenkins-server:~# certbot -d jenkins.devops.esc.sh --manual --preferred-challenges dns-01 certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for jenkins.devops.esc.sh

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.jenkins.devops.esc.sh with the following value:

2xdgemNwApJ6OGVkFlAJFk0PB2h45m_J9C_I55IywLA

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Copy the TXT record and add it to your domain’s DNS. I am using Cloudflare for DNS, so I have added it like this:

[Screenshot: DNS TXT record]

And in dig it should show up like this:

➜  ~ dig _acme-challenge.jenkins.devops.esc.sh TXT +short
"2xdgemNwApJ6OGVkFlAJFk0PB2h45m_J9C_I55IywLA"
➜  ~

After verifying that the TXT record has propagated, press Enter. Certbot should fetch a fresh certificate and place it under /etc/letsencrypt/live/<your domain>/. You can use it anywhere.
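The dig query above goes through your resolver, which may answer from cache. As an added example (not part of the original post), this script asks each authoritative nameserver of the zone directly for the _acme-challenge TXT value; the function names are this example's own, and it assumes dig is installed.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the dns-01 TXT record
# on every authoritative nameserver before pressing Enter in certbot.
# Function names are this example's own.

# True if the `dig +short TXT` output in $1 contains the value $2.
# dig prints each TXT string wrapped in double quotes, one per line.
txt_has_value() {
    answers=$1; expected=$2
    while IFS= read -r line; do
        line=${line#\"}; line=${line%\"}
        [ "$line" = "$expected" ] && return 0
    done <<EOF
$answers
EOF
    return 1
}

# Print the NS set of the closest enclosing zone, walking up label by label.
zone_nameservers() {
    zname=${1%.}
    while [ "${zname#*.}" != "$zname" ]; do    # stop at a bare TLD
        zns=$(dig +short NS "$zname")
        [ -n "$zns" ] && { printf '%s\n' "$zns"; return 0; }
        zname=${zname#*.}
    done
    return 1
}

# check_acme_txt DOMAIN EXPECTED
# Returns 0 only if every authoritative server already serves EXPECTED.
check_acme_txt() {
    record="_acme-challenge.${1%.}"; want=$2; rc=0
    servers=$(zone_nameservers "$record") || { echo "no NS for $1" >&2; return 2; }
    while IFS= read -r ns; do
        if txt_has_value "$(dig +short TXT "$record" "@${ns%.}")" "$want"; then
            echo "ok      $ns"
        else
            echo "MISSING $ns"; rc=1
        fi
    done <<EOF
$servers
EOF
    return "$rc"
}

# Usage: sh check-acme-txt.sh jenkins.devops.esc.sh <value printed by certbot>
if [ "$#" -eq 2 ]; then check_acme_txt "$1" "$2"; fi
```

A non-zero exit means at least one nameserver does not serve the value yet, so wait and run it again before continuing in certbot.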

For example, you can configure Nginx to use it like this. To create letsencrypt.conf, refer to this.

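server {
    listen 80;

    include /etc/nginx/snippets/letsencrypt.conf;

    server_name your-domain-name.tld;

    root /var/www/your-domain-name.tld;
    index index.html;

    listen 443 ssl;
    # fullchain.pem is the certificate plus intermediates; privkey.pem is its private key
    ssl_certificate /etc/letsencrypt/live/your-domain-name.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain-name.tld/privkey.pem;
    # Shared TLS settings and DH parameters written by certbot's nginx plugin;
    # check that both files exist before reloading nginx
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}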

More Configuration options (like http -> https redirection)

For more configuration options, such as redirecting http to https or www to non-www, refer to this doc:

Setting up Let’s Encrypt