Using mkcert to create certificates for valet-linux applications

valet-mkcert

#!/usr/bin/env bash
# Usage: valet-mkcert <domain>

DOMAIN=$1

if [ -z "$DOMAIN" ]; then
  echo "Usage: valet-mkcert <domain.test>"
  exit 1
fi

CERT_DIR="$HOME/.valet/Certificates"
NGINX_DIR="$HOME/.valet/Nginx"

# 1. Link the site if not already
if ! valet links | grep -q "$DOMAIN"; then
  echo "🔗 Linking $DOMAIN ..."
  valet link "$DOMAIN"
fi

# 2. Generate mkcert certs (apex + www + wildcard)
echo "🔑 Generating mkcert certificate for $DOMAIN ..."
mkcert -cert-file "$CERT_DIR/$DOMAIN.crt" \
       -key-file  "$CERT_DIR/$DOMAIN.key" \
       "$DOMAIN" "www.$DOMAIN" "*.$DOMAIN"

# 3. Build a fullchain file (cert + CA) so Chrome is happy
cat "$CERT_DIR/$DOMAIN.crt" "$(mkcert -CAROOT)/rootCA.pem" > "$CERT_DIR/$DOMAIN.fullchain.crt"

# 4. Update Nginx site config
SITE_CONF="$NGINX_DIR/$DOMAIN"

if [ ! -f "$SITE_CONF" ]; then
  echo "❌ Could not find Nginx config for $DOMAIN in $NGINX_DIR"
  exit 1
fi

echo "📝 Updating Nginx SSL paths for $DOMAIN ..."
sed -i "s|ssl_certificate .*|ssl_certificate $CERT_DIR/$DOMAIN.fullchain.crt;|" "$SITE_CONF"
sed -i "s|ssl_certificate_key .*|ssl_certificate_key $CERT_DIR/$DOMAIN.key;|" "$SITE_CONF"

# 5. Restart Valet
echo "♻️ Restarting Valet ..."
valet restart

echo "✅ $DOMAIN is now secured with mkcert."