This is a tool using certs-maker container to generate self-signed certificates for testing environments.
- ✅ Quick Certificate Generation: Generate self-signed certificates with one click
- ✅ Wildcard Domain Support: Supports
*.example.comwildcard domains - ✅ Multiple Domain Support: Supports multiple domains and subdomains
- ✅ PEM Format: Generates standard PEM format certificate files
Before using this tool, you need to configure the following environment variables in traefik-make-local-certs/.env:
# Certificate domain configuration
CERT_DNS=example.com,*.example.com- Docker 20.10+
- Docker Compose 2.0+
Configure the domain name for certificate generation in traefik-make-local-certs/.env:
CERT_DNS=example.com,*.example.comTip: You can configure multiple domains, separated by commas, for example:
CERT_DNS=example.com,*.example.com,test.com,*.test.com
Run the certificate generation tool:
docker compose -f traefik-make-local-certs/docker-compose.yml up
docker compose -f traefik-make-local-certs/docker-compose.yml down --remove-orphansGenerated certificate files will be saved in ../../ssl/ directory:
ls -la ../../ssl/Certificate file format:
- Certificate file:
domain.pem.crt - Private key file:
domain.pem.key
For example, if CERT_DNS=example.com,*.example.com is configured, it will generate:
example.com.pem.crtexample.com.pem.key
This tool uses soulteary/certs-maker container to generate certificates:
services:
certs-maker:
image: soulteary/certs-maker:v3.8.0
environment:
- CERT_DNS=${CERT_DNS}
volumes:
- ./ssl:/sslCertificate files are saved in ../../ssl/ directory, sharing the same directory with Traefik configuration.
Generated certificates are in PEM format:
- Certificate file:
.pem.crt - Private key file:
.pem.key
# Configure .env
CERT_DNS=example.com
# Generate certificate
docker compose -f traefik-make-local-certs/docker-compose.yml up
docker compose -f traefik-make-local-certs/docker-compose.yml down --remove-orphans# Configure .env
CERT_DNS=*.example.com
# Generate certificate
docker compose -f traefik-make-local-certs/docker-compose.yml up
docker compose -f traefik-make-local-certs/docker-compose.yml down --remove-orphans# Configure .env
CERT_DNS=example.com,*.example.com,test.com
# Generate certificate
docker compose -f traefik-make-local-certs/docker-compose.yml up
docker compose -f traefik-make-local-certs/docker-compose.yml down --remove-orphans-
Check Domain Format:
- Ensure domain format is correct
- Wildcard domains use
*.example.comformat
-
Check Directory Permissions:
- Ensure
../../ssl/directory exists - Ensure write permissions
- Ensure
-
View Container Logs:
docker compose -f traefik-make-local-certs/docker-compose.yml logs
Simply run the generation command, it will overwrite existing certificates:
docker compose -f traefik-make-local-certs/docker-compose.yml up
docker compose -f traefik-make-local-certs/docker-compose.yml down --remove-orphansDefault generated certificates are valid for 365 days. If you need to customize the validity period, you need to modify certs-maker configuration.
Not recommended. Self-signed certificates are not trusted by browsers and are only suitable for testing and development environments. Production environments should use:
- Free certificate services like Let's Encrypt (refer to
../../traefik/acme/) - Commercial certificates
- Certificates issued by enterprise internal CA
Use OpenSSL to view certificate information:
# View certificate information
openssl x509 -in ../../ssl/example.com.pem.crt -text -noout
# View certificate validity period
openssl x509 -in ../../ssl/example.com.pem.crt -noout -datesCertificate files are automatically saved in ../../ssl/ directory, and Traefik configuration will automatically load certificates from this directory.