(discontinued) Run a green-badge local HTTPS server with zero configuration

⚠️ Apparently, this goes against letsencrypt’s ToS and I can’t use their certificates in such manner. And I have to drop this tool. I would have issued a non-free certificate to keep this tool up, but it doesn’t sound like a great idea to publish a private key that is officially registered to my name.

The importance of using HTTPS locally

One might assume that HTTPS isn’t needed for local development. But that’s not always the case. You need to test for mixed-content, secure cookies, service workers, etc. This thread by Kyle makes the point perfectly.

Running a local HTTPS server can be pain in the neck. You have to create your own certificates, add them as trusted etc. You know the deal.

Using tunnels, at least the freely-available choices, isn’t the best experience either, they create a different URL everytime, they can get really slow, and 3rd parties will have access to your app in plain text.

But what if you could use a static, short and memorable URL to access your app without 3rd parties involvement? ez-s does exactly that. You run ez-s and access https://ez-s.io:5000 and you’ll see your app with a green badge.

What is EZ-S?

It’s a fork of zeit/serve that gives you the ability to locally run a green-badge HTTPS server. You can see it on GitHub here.

Quick steps

$ npm i -g @alshakero/ez-s
$ ez-s

// => go to [https://ez-s.io](https://ez-s.io):5000 to see your app

How does it works?

  1. The domain ez-s.io has a single A DNS record pointing to the IP address

  2. ez-s package includes SSL certificates generated by letsencrypt.

  3. There is also a small HTTPS server that uses the aforementioned certificates including the private key. So when you access ez-s.io the certificate provided will actually match letsecrypt’s, and you get a green badge. The IP address of the host does not matter. As long as letsencrypt records match the certificates provided by the server, Chrome will not object.

Wait what? Public private keys?! Yes. Because the domain will forever point to, impersonating it will not take the impersonator anywhere. Unless the impersonator has power over the victim’s DNS server, which makes ez-s the least of the victim’s worries 😁


Since ez-s.io points to, your app will be only accessible locally. You can’t test it on your phone or using another machine.

Due to this caveat, serve’s –listen argument is useless in this case. The only configurble network-related parameter is the port.


If you have any questions please go ahead and comment below.

Written on July 30, 2018