Accepted answer

I was able to get a local certificate working without modifying the webpack-dev-server files using react-scripts 3.4.1 (technically added in 3.4.0 but I had some—probably unrelated—issues). I added these two environment variables to my .env.development:




Use mkcert to create the self-signed cert and install it. I tried other methods but they're error prone.

Example using macOS:

brew install mkcert
mkcert -install
mkcert localhost

Edit package.json:

"start": "HTTPS=true SSL_CRT_FILE=localhost.pem SSL_KEY_FILE=localhost-key.pem react-scripts start",


Simplest way is to run reactjs with SSL on Ubuntu and windows is -

Create cert.pem and key.pem file and put it in ssl folder in app root folder

add below lines in scripts of package.json

"scripts": {
    "start": "...",
    "build": "...",
    "ssl-linux": "export HTTPS=true&&SSL_CRT_FILE=/ssl/cert.pem&&SSL_KEY_FILE=/ssl/key.pem craco start",
    "ssl-win": "set HTTPS=true&&npm start"

Ubuntu - npm run ssl-linux on ubuntu

Windows - npm run ssl-win

To create pem file on ubuntu

Step 1.  openssl req -x509 -newkey rsa:2048 -keyout keytmp.pem -out cert.pem -days 365
Step 2.  openssl rsa -in keytmp.pem -out key.pem

Sample folder structure

enter image description here


This is what I did:

bash <(wget -qO-

Then I double clicked and imported: rootCA.pem and server.pem

Then I modified package.json:

"start": "HTTPS=true react-scripts start",
"prestart": "cp -f /path/to/server.pem ./node_modules/webpack-dev-server/ssl",

Very important sources:


Here is the webpack config of react-scripts when using HTTPS=true along side SSL_CRT_FILE & SSL_CRT_FILE. So you should just be able to add it to the env to set the paths to your cert.

https config in react-scripts


Are we looking for integration of SSL (HTTPS) to localhost for application? Or securely API call with any encryption (specific) algo.

If SSL enablement only,

  1. Need to change at package.json file with HTTPS like –

    "scripts": {
        "start": "HTTPS=true react-scripts start",
        "build": "react-scripts build",
        "test": "react-scripts test",
        "eject": "react-scripts eject"
  2. Create your SSL certificate

  3. In the project root folder, run:

    openssl req -x509 -newkey rsa:2048 -keyout keytmp.pem -out cert.pem -days 365
  4. run the

    openssl rsa -in keytmp.pem -out key.pem
    mkdir .cert
    mv key.pem .cert/key.pem
    mv cert.pem .cert/cert.pem
  5. Enable your certificate (.perm) like –

    "scripts": {
        "start": "HTTPS=true SSL_CRT_FILE='./.cert/cert.pem' SSL_KEY_FILE='./.cert/key.pem' react-scripts start",
        "build": "react-scripts build",
        "test": "react-scripts test",
        "eject": "react-scripts eject"
  6. now run with https://lochost:3000


Your server that serves files from that port needs to be configured to use your SSL cert. I'm guessing you are using webpack-dev-server on that port (that's what npm start does in create-react-app), and maybe a different server (apache, nginx, etc) on port 80?

You can either serve your compiled files using your already configured server, or configure webpack-dev-server to use your SSL cert.

To do this, you can use webpack-dev-server's --cert option. See

NOTE: you need an extra -- to pass arguments through npm run to the underlying command, e.g. npm start -- --cert ....

If you want to do this using npm start, which calls a custom start script, you'll have to edit that start script. You may need to use the eject command first, which dumps all the config code into your repo so you can change it.

Here is the source code of the start script:

I should also note that webpack-dev-server isn't intended to be used in a production environment.

Have fun!


To expand on Elad's answer:

    1. Create a self-signed certificate following the instructions linked to from
    1. Save the pem file (containing both the certificate and private key) somewhere in your project (e.g. /cert/server.pem)
    1. Modify your package.json scripts:
      "start": "HTTPS=true react-scripts start",
      "prestart": "rm ./node_modules/webpack-dev-server/ssl/server.pem && cp -f ./cert/server.pem ./node_modules/webpack-dev-server/ssl",


Update: see Andi's answer below. In recent version you should set environment variable to configure the certificate


Ejecting create-react-app is not recommended since you won't be able to seamlessly upgrade it. Moreover, you can easily have valid SSL certificate without ejecting.
You will need to copy your certificate to node_modules/webpack-dev-server/ssl/server.pem. The downside is that you need to manually copy the file. However, one way to make this seamless is to add a postinstall script that creates a symlink. Here is a script I created:

# With create-react-app, a self signed (therefore invalid) certificate is generated.
# 1. Create some folder in the root of your project
# 2. Copy your valid development certificate to this folder
# 3. Copy this file to the same folder
# 4. In you package.json, under `scripts`, add `postinstall` script that runs this file.
# Every time a user runs npm install this script will make sure to copy the certificate to the 
# correct location

SOURCE_LOCATION=$(pwd)/$(dirname "./local-certificate/server.pem")/server.pem

rm -f ${TARGET_LOCATION} || true
chmod 400 ${TARGET_LOCATION} # after 30 days create-react-app tries to generate a new certificate and overwrites the existing one. 
echo "Created server.pem symlink"

Your package.json should look something like:

"scripts": {
    "postinstall": "sh ./scripts/"
  • My solution is based on this thread

Related Query

More Query from same tag