Skip to content

HTTPS & trusted certs

Butler can serve any site over HTTPS with a certificate your browser actually trusts — no red padlock, no “your connection is not private” warning. It does this with its own certificate authority (CA) that’s installed into your Mac’s keychain during setup.

Terminal window
butler secure my-app

That issues a certificate for my-app.test and flips the site to HTTPS. Reload the page and https://my-app.test loads cleanly. Omit the name to secure the site in the current directory:

Terminal window
cd ~/Sites/my-app
butler secure

You can also secure a site from the Sites section of the menu bar app.

Terminal window
butler unsecure my-app
Terminal window
butler secured

For browsers to trust Butler’s certificates, Butler’s CA has to be trusted by your system. This happens automatically during butler system install, which is why it prompts for your password once.

If you ever need to install the trust manually — for example after clearing your keychain — run:

Terminal window
butler trust

On a CLI-only install this needs to run under sudo in a terminal so it can add the CA to the system keychain. If you use the app, it can handle the trust prompt for you through the standard macOS security dialog.

If you’d rather use a certificate you already have (say, a wildcard cert), point a site at it in butler.yml instead of using Butler’s CA:

ssl:
cert: /abs/path/to/site.pem
key: /abs/path/to/site-key.pem

Butler’s certificates are issued with a limited lifetime. To renew:

Terminal window
butler renew # renew site certificates
butler renew --expiring 30d # only those expiring within 30 days
butler renew --ca # renew the CA itself

Renewing the CA re-issues the root; you may be prompted to re-trust it.