The simplest way to make locally-trusted certificates is to use mkcert, a simple zero-config tool.
Assuming a macOs machine, the process is the following:
Install the local CA in the system trust store
Generate the certicate for any names you’d like. Here I’m generating one for newsletter.local
Point the new name to the local address in the
/etc/hosts) file if it doesn’t exist already
Here we’re loading the certificates in nginx:
Assuming everything was set up correctly we can now see that
https://newsletter.local is now using a locally-trusted self-signed certificate, and it’s valid for two years.