Difference with mkcert?

[ayZagen]

Sorry if this question is not making sense or irrelevant, maybe it is apples vs oranges. I am not expert on these tools or their internals but just curios end-user.

It would be great if someone could explain the differences between mkcert and acme.sh

[loyeyoung]

I believe the difference is that mkcert automates locally trusted (i.e., self-signed) certificates.

[jdevera]

mkcert is for local development. It sets up a small private certificate authority on your computer and issues certificates that your own machine trusts. That way, you can run https://localhost or test servers on your LAN without browser warnings, but those certs are not trusted by anyone else unless you install your local authority on their machines too.

acme.sh is for real servers on the Internet. It talks to public certificate authorities like Let’s Encrypt to prove you own a domain and get certificates that every browser and client already trusts. It also automates renewals, so your public site or API stays secure without manual work.

Rule of thumb: use mkcert for local testing, and acme.sh for anything other people will connect to.

Having said this, I started my home lab with something like mkcert (which I built myself to learn), and it ended up becoming a pain when I tried to access a local server from different devices, even within my own internal network. Personally, I think development and testing are the only instances where the simplicity of mkcert is worthwhile.