SSL Errors

`tls: certificate not trusted`

The client doesn’t trust the APXY root CA:


# Option 1: Pass the CA to curl
curl -x http://localhost:8080 --cacert certs/ca.crt https://example.com
 
# Option 2: Trust system-wide (macOS)
sudo apxy certs trust
 
# Option 3: Regenerate certs
rm -rf certs/
apxy certs generate

Proxy starts but HTTPS requests fail

Verify the CA exists:
```
apxy certs info
```
Verify the cert files exist:
```
ls -la certs/
```

Try regenerating:


rm -rf certs/
apxy certs generate
sudo apxy certs trust

Certificate not trusted after regeneration

On macOS, you need to re-trust the new CA:


rm -rf certs/
apxy start
# macOS will prompt for your password to trust the new CA

Or manually:


apxy certs generate
sudo apxy certs trust

Per-tool certificate trust

Some tools don’t use the system certificate store:


# cURL
curl --cacert ~/.apxy/certs/ca.crt https://example.com
 
# Node.js
export NODE_EXTRA_CA_CERTS=~/.apxy/certs/ca.crt
 
# Python (requests)
export REQUESTS_CA_BUNDLE=~/.apxy/certs/ca.crt

SSL interception not working for a domain

HTTPS MITM is opt-in by default. Enable it for the domain:


apxy ssl enable --domain api.example.com

Or create a mock rule for that domain — APXY automatically enables SSL interception for mocked domains.