1 min read

Caddy local CA

Firefox does not recognize Caddy's local Certificate Authority by default.

Planted Jun 23, 2023

• evergreen

When running Caddy locally, it will also generate its own local Certificate Authority (CA). Caddy will use this CA to sign certificates for local HTTPS.

This is pretty cool! But Caddy’s local HTTPS does not work in Firefox by default. When running Caddy on localhost, Firefox will show the error code SEC_ERROR_UNKNOWN_ISSUER when visiting https://localhost (other browsers like Safari don’t have this issue).

Turns out that Firefox does not recognize Caddy’s local CA by default. And you have to manually import Caddy’s local root certificate into Firefox.

How to import Caddy’s local root certificate into Firefox?

1. Open Firefox and go to about:preferences#privacy.

2. Scroll down to the Security > Certificates section, and click View Certificates.

3. Select the Authorities tab, and click Import.

4. Find Caddy’s local root certificate in its data directory, and open it. On a Mac it’s located at ~/Library/Application\ Support/Caddy/pki/authorities/local/root.crt.

5. Check the Trust this CA to identify websites checkbox, and click OK.

6. The Caddy Local Authority should now be listed in the Authorities tab.

7. Restart Firefox, and accessing localhost over HTTPS will now work!