Running HTTP when your production site is HTTPS-only is definitely an unnecessary risk. When it doesn’t, you invite more issues showing up in production that didn’t show up in dev.
You definitely want your dev environment to mirror production as closely as possible. The production site is an Ubuntu server running on Linode with an almost identical configuration. For example, my dev environment for this site () runs as an Ubuntu server in a VMware virtual machine (VM) on his Mac.
Why not just use regular HTTP locally? Because if your production site is HTTPS-only and you’re developing locally on regular HTTP, your dev and production environments are not as similar as they could be. In this article, we’ll walk through creating your own Certificate Authority for your local servers so that you can run HTTPS sites locally without issue. Even if you do manage to wrestle self-signed certificates into submission, you still end up with browser privacy errors. Setting up HTTPS locally can be tricky business.