This sets up a publically-available domain that loops back to localhost IP address 127.0.0.1. For example, this address could be localhost.example.com if we controlled the example.com domain. This relies on having a public domain name whose DNS records you can control. We can then generate LetsEncrypt certificates for this domain.
Our HTTP server runs on localhost:80 (default HTTP port). This lets us visit http://localhost.example.com in a web browser and see the server running on localhost:80.
We then run an HTTPS proxy server on localhost:443 (default HTTPS port) that uses the LetsEncrypt certificates we generated for localhost.example.com. Visiting https://localhost.example.com hits the proxy, which returns the correct certificates meaning the browser displays the "Secure" message. The proxy then passes the request through to the HTTP server.
- it's very convoluted
- private keys etc need to be distributed to any machine running the server
- must have control of DNS records on domain
- LetsEncrypt certificates expire so the whole process must be repeated to get new ones (steps 5-9 below)
- ...?
- 
Create the loopback A record for localhost.example.com:In your DNS provider's control panel: 
      Type: A
      Name: localhost.example.com.
      Data: 127.0.0.1
      TTL: 3600
- After a while, the following command:
    $ dig a localhost.example.com.
    ;; ANSWER SECTION:
    localhost.example.com.	3599 IN	A	127.0.0.1
- Install LetsEncrypt's certbot so we can generate a valid SSL cert:
    brew install certbot
- Generate a SSL cert for your domain using the DNS challenge type which means you won't need to have a server running on this domain:
    sudo certbot certonly --config-dir . --work-dir . --logs-dir . --manual --preferred-challenges dns
- Enter the domain name when prompted:
    localhost.example.com
- 
Ok with logging? Yes 
- 
Add the DNS record and TXT value in your DNS provider's control panel as requested by certbot. Do not press Enter until it's been deployed. 
- 
There are a few more questions then certbot will have generated files in the directory you ran the command in: 
    live
    └── localhost.example.com
        ├── README
        ├── cert.pem
        ├── chain.pem
        ├── fullchain.pem
        └── privkey.pem
- Use the redbox proxy to point to the generated certificates and start on port 443:
    sudo node redbird-proxy.js live/localhost.example.com/
- Set the API_URLin.envto:
    API_URL=https://localhost.example.com/api
- Start HTTP client on port 80 (edit .env to set PORT=80)
    sudo npm start
The HTTPS server should be available without any browser warnings. HTTP version will be available on http://localhost.example.com.
I'm using similar approach to test a WebRTC solution inside my network. I also have created a free .TK domain using freenom.com.
Thank you very much.