Skip to content

localhost with public CA signed SSL certificate

Notifications You must be signed in to change notification settings

bigdcore/localhost.direct

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

68 Commits
 
 
 
 

Repository files navigation

*.localhost.direct - Wildcard Publicly Signed SSL Certificate with Subdomain Support

Note

New DNS Discussion is currently ongoing: Upinel#21

One someday morning, I found myself tackling the usual trifecta of local development issues:

  1. Using Fully Qualified Domain Names (FQDNs) in local testing environments
  2. Dealing with SSL certificates in a local setting, where self-signed certificates are a nuisance
  3. Implementing sub-domains in local development environments

To address these, I registered the domain localhost.direct and obtained a wildcard SSL certificate. I configured localhost.direct and *.localhost.direct to point to 127.0.0.1. Now, happy coding!

Eureka! I realized that I could share the private key and SSL certificate with developers globally at no extra cost. Thus, the *.localhost.direct project was born.

A project portal is available at https://get.localhost.direct/ for developers to download the most up-to-date SSL certificate bundle. This becomes the sole reserved subdomain. Updates to the wildcard SSL certificate will be posted, and your feedback is greatly appreciated.

Cheers!

Important Informations

Important

non-SSL (HTTP): Running normally
SSL (HTTPS): Running normally. Due to the possible key leak causing cert revoke again Upinel#18, we are currently providing two-tier Cert Bundle.

Tip

Addionally, In fact, highly recommanded you can self-sign your own *.localhost.direct certificate and trust the certificate in your organisation, it can make sure public CA revoke does nothing to your developing enviroment, and you can still enjoy public supported sub-domain development testing. (See Download - Section D)

Warning

Never Put the .key file in any public accessible place INCLUDING GITHUB projects. If founded, the cert will revoke. I don't want to require user registration in the future. issue: Upinel#18 The Key files MUST always be password protected in a zip file. The cert bundle is zipped and password protected with a reason. CA is always keep scanning the internet to see if any key file leaked. Thanks.

EULA

To better comply with the guidelines, we’ve made some changes to our user agreement, and they’ll be effective immediately:
By using this service, you (localhost.direct developer) and LHD (localhost.direct) have agreed that you will act as LHD’s developer. However, LHD will never know what you’ve developed and will never claim ownership or copyright to your work. At the same time, LHD will not pay you any incentive or compensation and will not be responsible for any expenses or cost or damage incurred during your development.
With this developer agreement, LHD shall point their developing environment domain (localhost.direct and *.localhost.direct) to your development server IP address (in this case, 127.0.0.1). LHD will also grant you the right to use LHD’s SSL certificate for internal development purposes only. Which will be provided to you separately.
It is important to note that the Certificate Bundle(s) remains LHD's properties and you must never leak, share, or sublet this Certificate Bundle with any other parties. If you have more than one developer, they will all be under the same developer agreement with LHD.

Usage:

For non-SSL user

localhost.direct works immediately without configuration, functioning just like the traditional localhost, with added support for subdomain.localhost.direct.

For user would like to use HTTPS (SSL) in their localhost development environment

Download or clone the .key and .crt files, then deploy them to your local web server to set up an SSL-enabled local development environment.

Limitation:

get.localhost.direct is reserved and it is the only subdomain that you cannot use.

Download

We now have two-tier cert bundle, for user want to have fully anonymous, please use General Cert Bundle. We also provide Cert Bundle by Request and Cert Bundle by Sponsorship, you can request it by email.

A. General Cert Bundle (fully Anonymous)

Important

Using General Cert Bundle might have the risk of cert revocation again and again if any user misuses it. The General Cert might also have less priority of maintenance and require user reports to re-issue it. Upinel#18

Download: https://aka.re/localhost
Password for General Cert Bundle file: IWillNotPutKeyFileInPublicAccessiblePlace.X1YKK

B. Cert Bundle by Request (Free - by minimal registration)

You may send a request to [email protected] to obtain a certificate bundle that is only shared with limited users if you want to reduce (not 100%) the risk of being revoked due to other users’ bad behaviour.
The email must include the following informations:

Your Email: (Email must not be temporary email)
Your GitHub ID:
Your Project Name: 

The Cert Bundle by Request might take sometime to process

C. Cert Bundle by Sponsorship

To express our gratitude to our sponsors, Sponsors can request one-year version of the Cert Bundle who have made a monthly donation of $5 or a one-time donation of over $40. To request this special offer, please send an email to [email protected], providing your sponsorship GitHub ID or PayPal ID. Your support will be instrumental in helping us develop our own auto-issuing portal as soon as possible. Sponsors who make a donation before November 2024, regardless of the amount, can request the Cert Bundle as a token of appreciation for their early support.

D. Non-Public CA certificate (If you have admin right on your development environment, you can use the following 10 years long pre-generated self-signed certificate.)

This is the most certain way to avoid CA revocation. Simply download the following Certificate Bundle (or create it yourself), install it, and trust the certificate. As a result, you’ll have a 10-year-long *.localhost.direct certificate installed on your development environment. Since it’s trusted locally, it’s the most stable solution if you are in a environment that have full admin rights.
Download: https://aka.re/localhost-ss
Password: localhost

Last update Log.

  • 2024-Nov-19 Reissuing the General Certificate Bundle.
  • 2024-Nov-11 User keep leaking key, new policy need to apply before new portal unfortunately.
  • 2024-Nov-01 Short Term Cert Issue, Expire 30 Jan 2025
  • 2024-Apr-20 SSL Intermediate Chain update with the help of @mundry, Expire keep 15 May 2025
  • 2024-Apr-17 SSL Renewal, Expire 15 May 2025
  • 2023-Jun-15 SSL Intermediate Chain update, Expire 31 Mar 2024
  • 2023-Apr-01 SSL Renewal, Expire 31 Mar 2024
  • 2022-Aug-29 Reupload the SSL file of 2022-Mar-29 (Expire 30 Apr 23)
  • 2022-Mar-29 SSL Renewal
  • 2021-Mar-02 SSL Renewal
  • 2020-Feb-26 SSL Renewal
  • 2019-Feb-24 SSL project

Credit:

This project is self-funded and shared freely with the community. We respect your privacy; your usage of localhost.direct is anonymous to us.
Giving this project a star fuels our commitment to maintaining and improving it.

Donations are welcomed at Github Sponsor or paypal.me/Upinel and are deeply appreciated.

A heartfelt thank you to the following sponsors :)

  • SkyArk Inc (UK)
  • Jackson Peak LLC
  • the Lancelot Limited
  • Peter Jong
  • cagnulein
  • Klijn Engineering

I love you all <3

About

localhost with public CA signed SSL certificate

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published