_o/ author here! mkcert is definitely my most popular tool, and it's always a delight to see how it makes developers' lives easier and how happy they are about it <3
Something that I wonder about from time to time is how "done" is mkcert. A lot of its value is in simplicity, so I've rejected attempts to make it more of a toolkit to generate all sorts of certificates (although I see the value in being able to edit the expiration and other fields). The only thing on my TODO is splitting the trust stores out into an importable package for other tools to use. Maybe that will act as a release valve for other use cases.
In a sense, mkcert will never be done because its job is also to keep up with browser requirements for you, but that goes in waves, and not much has changed in the last couple years. (Unlike the first years of mkcert, when things were really a moving target.) Similarly, it has to keep up with new trust stores and ways to install into them, and we might be overdue for a pass of that, but these are not really new features, just maintenance.
No matter what I work on and how complex, mkcert is always there for my dev environment. In combination with cert-manager's CA support[0], even TLS for Kubernetes development environments is simple as it gets.
Thanks for this tool! I found it when Apple started enforcing stricter requirements for certificates, and the commands I was using to create certificates at the time had become inadequate. I have since used mkcert to generate dozen of certificates for my local network, which work on any service and device.
The only drawback of mkcert is that it makes you forget the steps needed to make a certificate!
Thanks you for making it and keeping it simple. I agree that the simplicity is what makes it great to use for localhost testing. Big fan of this tool since I found it.
Something that I wonder about from time to time is how "done" is mkcert. A lot of its value is in simplicity, so I've rejected attempts to make it more of a toolkit to generate all sorts of certificates (although I see the value in being able to edit the expiration and other fields). The only thing on my TODO is splitting the trust stores out into an importable package for other tools to use. Maybe that will act as a release valve for other use cases.
In a sense, mkcert will never be done because its job is also to keep up with browser requirements for you, but that goes in waves, and not much has changed in the last couple years. (Unlike the first years of mkcert, when things were really a moving target.) Similarly, it has to keep up with new trust stores and ways to install into them, and we might be overdue for a pass of that, but these are not really new features, just maintenance.
Previously:
Mkcert: Tool for making locally-trusted development certificates — https://news.ycombinator.com/item?id=17748208 — Aug 2018 (39 comments)
Show HN: Mkcert – Valid HTTPS certificates for localhost — https://news.ycombinator.com/item?id=18842218 — Jan 2019 (118 comments)