# Localhost SSL cert with Lima

**URL:** https://discourse.roots.io/t/localhost-ssl-cert-with-lima/28027
**Category:** trellis
**Tags:** lima
**Created:** 2024-09-27T14:02:05Z
**Posts:** 7

## Post 1 by @visualasparagus — 2024-09-27T14:02:05Z

Hi @swalkinshaw,

I see you commented regarding certificate automation being added for Lima in a newer version of Trellis CLI.

> [@Introducing Lima to Trellis for Faster Local Development](https://discourse.roots.io/t/introducing-lima-to-trellis-for-faster-local-development/24928/17):
>
> There’s no automated way to do that yet. I might wait for [SSL certificates refactor by swalkinshaw · Pull Request #1310 · roots/trellis · GitHub](https://github.com/roots/trellis/pull/1310) with [https://github.com/roots/trellis-cli/pull/311](https://github.com/roots/trellis-cli/pull/311) The generated Lima config is in .trellis/lima/\<name\>.yml but there’s two issues: it will be re-generated each time you re-create a Lima instance I don’t even know how or if Lima lets you change those params on an existing instance with re-creating it Basically, I need to add support to the CLI con…

However, I cannot find any further documentation of it, and these and the related PRs, while a few years old, are still open.

Is there anything you can point me towards to help me set this up?

Thank you in advance!

---

## Post 2 by @swalkinshaw — 2024-09-27T14:17:44Z

Sorry about that; that functionality has never been added since it relied on that big SSL refactor in Trellis which I never felt comfortable changing a while ago and now it’s quite stale.

---

## Post 3 by @visualasparagus — 2024-09-27T14:32:36Z

Hi @swalkinshaw,

Ok, thanks for the answer. Any tips on setting it up manually? Or is that a complex task?

Best!

---

## Post 4 by @swalkinshaw — 2024-09-27T15:09:11Z

You basically need to run this command:

```
security add-trusted-cert -k ~/Library/Keychains/login.keychain $CERTIFICATE_PATH
```

You can either download the cert from your VM to your local machine, or follow a guide like [this one](https://www.voitanos.io/blog/updated-creating-and-trusting-self-signed-certs-on-macos-and-chrome/)

---

## Post 5 by @qwatts-dev — 2025-11-19T04:42:58Z

I ran into this same issue and here’s the simple workflow that ended up working for me. Since Lima doesn’t have automated SSL handling yet, this is a clean manual approach that stays compatible with Trellis defaults…

**1. Enter the Lima VM from your Trellis project directory**  
Run this inside your Trellis project (the directory containing the `trellis` folder):

```
trellis vm shell
```

**2. Copy the generated certificate somewhere readable (I used /tmp)**

```
sudo cp /etc/nginx/ssl/example.com.cert /tmp/
```

**3. Exit the VM**

```
exit
```

**4. Copy the certificate from the VM to your host machine**

Note: you will need the VM’s name. If you don’t remember your Lima VM name, you can list all VMs:

```
limactl list
```

Then copy the cert using your Lima instance name:

```
limactl copy <lima-vm-name>:/tmp/example.com.cert ~/Downloads/
```

_(Copying from `/tmp` avoids the permission issues you’d hit when pulling directly from `/etc/nginx/ssl`.)_

**5. Move the certificate somewhere that makes sense to you**  
For me, it made sense to keep development certs together in a folder inside my `~/.ssh` directory:

```
mkdir -p ~/.ssh/lima
mv ~/Downloads/example.com.cert ~/.ssh/lima/
```

**6. Trust the certificate on macOS**

```
security add-trusted-cert \
  -k ~/Library/Keychains/login.keychain-db \
  ~/.ssh/lima/example.com.cert
```

After this, your local `https://example.com` (or whatever local domain you’re using) should load in the browser without warnings.

This approach kept things simple and avoided modifying permissions inside `/etc/nginx/ssl`. Hopefully this helps others running Trellis with Lima until official SSL handling is added.

---
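
Before the trust step (step 6 in the post above), it is worth confirming that the file copied out of the VM is the certificate you expect. The following is an added example, not part of any post in this thread or of Trellis: `check_dev_cert` and its exit codes are hypothetical, and it assumes the Trellis-generated certificate is a leaf (non-CA) certificate that lists the site domain as a DNS subject alternative name.

```bash
#!/usr/bin/env bash
# Added example: inspect a copied dev certificate before adding it to the
# macOS trust store. check_dev_cert and its exit codes are hypothetical.
# Usage: check_dev_cert <cert-file> <expected-domain>
# Returns 0 = ok, 2 = unreadable, 3 = CA cert, 4 = domain not in SAN, 5 = expired.
check_dev_cert() {
  local cert="$1" domain="$2" text

  # Parse the file; anything that is not a PEM X.509 certificate stops here.
  text="$(openssl x509 -in "$cert" -noout -text 2>/dev/null)" || {
    echo "unreadable certificate: $cert" >&2
    return 2
  }

  # Assumption: the dev cert is a leaf. A trusted CA cert could vouch for
  # any hostname if its private key leaked from the VM, so refuse it.
  if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then
    echo "refusing: $cert is marked CA:TRUE" >&2
    return 3
  fi

  # Exact match against the DNS SAN entries, so example.com does not
  # accept example.com.other.test.
  if ! printf '%s\n' "$text" | grep -o 'DNS:[^,[:space:]]*' \
      | grep -Fxq "DNS:$domain"; then
    echo "refusing: $domain is not a DNS SAN of $cert" >&2
    return 4
  fi

  # -checkend 0 exits non-zero once the certificate has expired.
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
    echo "refusing: $cert has expired" >&2
    return 5
  fi

  # Print the fingerprint to compare with the same command run inside the VM.
  openssl x509 -in "$cert" -noout -fingerprint -sha256
}

# Example (macOS host), using the paths from the post above:
#   check_dev_cert ~/.ssh/lima/example.com.cert example.com &&
#     security add-trusted-cert -k ~/Library/Keychains/login.keychain-db \
#       ~/.ssh/lima/example.com.cert
```

---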

## Post 6 by @Tetrahedrax — 2025-11-20T10:05:18Z

Hello! Nice guide! It works!

I had to restart my computer for this to kick in, so if it doesn’t instantly work for someone then try that :slight_smile:

Edit: Here’s everything in a single line for easy copy-pasting. Just replace `example.com` with whatever your site’s domain is and it should work!

`trellis vm shell -- sudo cp /etc/nginx/ssl/example.com.cert /tmp/ && limactl copy example.com:/tmp/example.com.cert ~/Downloads/ && mkdir -p ~/.ssh/lima && mv ~/Downloads/example.com.cert ~/.ssh/lima/ && security add-trusted-cert -k ~/Library/Keychains/login.keychain-db ~/.ssh/lima/example.com.cert`

---

## Post 7 by @ben — 2025-11-24T18:33:55Z

@qwatts-dev Thank you for this :heart: Just updated [https://roots.io/trellis/docs/ssl/](https://roots.io/trellis/docs/ssl/) with these steps and added you to the contributors list for the page
