Skip to content
LocalStack Docs LocalStack Docs Docs
Get Started for Free
Starting on March 23, 2026, LocalStack for AWS will consolidate into a single image that requires authentication. Learn more about what’s changing and what this means for your setup in this blog post.

HTTPS/TLS Support

Introduction

Section titled “Introduction”

LocalStack provides TLS certificates for the localhost.localstack.cloud domain, which allows secure HTTPS access to service endpoints using region-specific hostnames such as:

https://s3.us-east-1.localhost.localstack.cloud:4566

These certificates enable proper hostname validation for supported AWS regions when using HTTPS with SDKs, the AWS CLI, browsers, and other tools.

Supported Regions

Section titled “Supported Regions”

Due to certificate authority and infrastructure limitations, TLS certificates are currently only issued for a subset of AWS regions. If you attempt to use an unsupported region, you may encounter TLS errors such as:

SSL: CERTIFICATE_VERIFY_FAILED
hostname mismatch
x509: certificate is not valid for any names

The full list of supported regions is available here:

  • us-east-1
  • us-east-2
  • us-west-1
  • us-west-2
  • eu-central-1
  • eu-west-1

Why this limitation exists

Section titled “Why this limitation exists”

TLS certificates must explicitly include supported hostnames. Because each region requires hostname coverage, and certificate authorities impose size and validation constraints, it is currently not possible to include all AWS regions in the LocalStack certificate.

We are actively working to expand coverage where technically feasible.