Have you thought about making a public certificate at
localdev.letsencrypt.org for people to use on their local machines?
Users could then download the cert from somewhere and update their
/etc/hosts to have
The issue right now is in order to get a certificate users need (1) a machine that is on the real internet and they need (2) a personal domain.
A machine on the real internet
For many students this is not a real option. Their school is unlikely to punch a hole through the network’s firewall or NAT etc. Even if they’re at home reconfiguring their router to allow this is arguably an advanced step. If they’ve got siblings or roommates or whatever it that makes it even more of an advanced step. They could get an external server (AWS, Google Cloud, Digital Ocean) but that costs $$ (yea I know cheap but when you’re student even $ is prohibitive, if you’re a child forget it).
A registered domain
This is also $ and advanced to setup for a newbie / student
Having a public cert
localdev.letsencryrpt.org that’s updated every 30 or 60 days would allow people to at least have a way to test servers locally on that domain with a minimal amount of fuss.
Note: localdev.letsencrypt.org would not actually be a real site. While everyone would have access to the private key what does it matter? It’s one unused domain. In fact just put up a page if you want that says
If you’re seeing this page maybe you meant to add
Is this a good idea or bad idea? Why or why not?
One other idea would be to allow people to make up domains at letsencrypt.org. Example
Some website / API would let people get a cert any subdomain they make up. That would allow them to not have to have a machine on the public internet NOR register a domain and let them use that domain for testing publically and even sharing. For example if they wanted to run their server internally and let other clients on their lan access the server through HTTPS.
I thought about creating that service as a public service but it seems like it would be better for letsencrypt to do it? Maybe I can implement it (I’m a noob myself though) and letsencrypt might be willing to take it over?
In any case why is this a good or bad idea?