mkcert -install
First, we need to create and install a local CA. This needs to be done only once per machine:
$ mkcert -install
Created a new local CA 💥
Sudo password:
The local CA is now installed in the system trust store! ⚡️
Warning: "certutil" is not available, so the CA can't be automatically installed in Firefox and/or Chrome/Chromium! ⚠️
Install "certutil" with "apt install libnss3-tools" and re-run "mkcert -install" 👈
This local CA seems to be installed under /usr/local/share/ca-certificates (note that the timestamp is the same as when mkcert -install was executed):
$ ls -ltr /usr/local/share/ca-certificates | tail -1
-rw-r--r-- 1 root root 1619 Aug 2 14:07 mkcert_development_CA_157960383946293083787711498334715383889.crt
$ ls -ltr /etc/ssl/certs | tail -3
lrwxrwxrwx 1 root root 98 Aug 2 14:07 mkcert_development_CA_157960383946293083787711498334715383889.pem -> /usr/local/share/ca-certificates/mkcert_development_CA_157960383946293083787711498334715383889.crt
-rw-r--r-- 1 root root 218210 Aug 2 14:07 ca-certificates.crt
lrwxrwxrwx 1 root root 65 Aug 2 14:07 5e562614.0 -> mkcert_development_CA_157960383946293083787711498334715383889.pem
Because mkcert complained about certutil not being available, we install it as recommended:
$ sudo apt install -y libnss3-tools
Install the CA for Firefox and/or Chrome/Chromium as well:
$ sudo mkcert -install
The local CA is already installed in the system trust store! 👍
The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)! 🦊
It seems that the CA for Firefox/Chrome was installed under ~/.pki/nssdb:
$ ls -ltr ~/.pki/nssdb/
mkcert localhost
With the local CA, we can issue certificates, here for localhost:
$ mkcert localhost
Created a new certificate valid for the following names 📜
- "localhost"
The certificate is at "./localhost.pem" and the key at "./localhost-key.pem" ✅
It will expire on 2 November 2027 🗓
These two files, localhost.pem and localhost-key.pem, then need to be configured in the web server, for example for nginx in the nginx.conf file with:
http {
    server {
        listen 443 ssl;
        server_name localhost;
        ssl_certificate /path/to/directory/localhost.pem;
        ssl_certificate_key /path/to/directory/localhost-key.pem;
    }
}
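
Before pointing nginx at the two files, it is worth confirming that the certificate chains to the local CA, that the key belongs to it, that it covers the server name, and that the key file is private to its owner. The script below is an added example, not part of the original page or of the mkcert project. It assumes openssl is installed and that the CA certificate is the rootCA.pem file in the directory printed by mkcert -CAROOT; check_pair is a name chosen here.

```shell
#!/bin/sh
# Added example (not from the mkcert project): sanity-check an issued pair.
# Usage (assumed file locations):
#   sh check_pair.sh localhost.pem localhost-key.pem "$(mkcert -CAROOT)/rootCA.pem" localhost

# check_pair CERT KEY CA HOST: returns 0 only if every check passes.
check_pair() {
    cp_cert=$1 cp_key=$2 cp_ca=$3 cp_host=$4 cp_rc=0

    # 1. The certificate must chain to the given CA (system CA directory ignored).
    openssl verify -no-CApath -CAfile "$cp_ca" "$cp_cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cp_cert is not signed by $cp_ca"; cp_rc=1; }

    # 2. The private key must belong to the certificate (compare public keys).
    cp_cpub=$(openssl x509 -in "$cp_cert" -noout -pubkey 2>/dev/null) || cp_cpub=
    cp_kpub=$(openssl pkey -in "$cp_key" -pubout 2>/dev/null) || cp_kpub=
    if [ -z "$cp_cpub" ] || [ "$cp_cpub" != "$cp_kpub" ]; then
        echo "FAIL: $cp_key does not match $cp_cert"; cp_rc=1
    fi

    # 3. The certificate must be valid for the name the server will use.
    openssl x509 -in "$cp_cert" -noout -checkhost "$cp_host" 2>/dev/null |
        grep -q "does match" ||
        { echo "FAIL: $cp_cert is not valid for $cp_host"; cp_rc=1; }

    # 4. The key file must not be accessible to group or others.
    cp_perms=$(ls -lL "$cp_key" 2>/dev/null | cut -c5-10)
    [ "$cp_perms" = "------" ] ||
        { echo "FAIL: $cp_key is accessible beyond its owner ($cp_perms)"; cp_rc=1; }

    return "$cp_rc"
}

# Run the checks only when the four arguments are given on the command line.
if [ "$#" -eq 4 ]; then
    check_pair "$@"
fi
```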