Have you thought about making a public certificate at localdev.letsencrypt.org for people to use on their local machines?
Users could then download the cert from somewhere and update their /etc/hosts to have
127.0.0.1 localdev.letsencrypt.org
The issue right now is that in order to get a certificate, users need (1) a machine that is on the real internet and (2) a personal domain.
For real web developers that's not a problem, but lots of devs are just experimenting with HTML/JavaScript etc. Browsers are deprecating features unless served over HTTPS. This makes it hard for many newbies and hobbyists to get started.
- A machine on the real internet
For many students this is not a real option. Their school is unlikely to punch a hole through the network's firewall or NAT etc. Even if they're at home, reconfiguring their router to allow this is arguably an advanced step. If they've got siblings or roommates or whatever, that makes it even more of an advanced step. They could get an external server (AWS, Google Cloud, Digital Ocean) but that costs $$ (yeah, I know, cheap, but when you're a student even $ is prohibitive; if you're a child, forget it).
- A registered domain
This is also $ and advanced to set up for a newbie / student.
Having a public cert for localdev.letsencrypt.org that's updated every 30 or 60 days would allow people to at least have a way to test servers locally on that domain with a minimal amount of fuss.
Note: localdev.letsencrypt.org would not actually be a real site. While everyone would have access to the private key, what does it matter? It's one unused domain. In fact, just put up a page if you want that says:
If you're seeing this page maybe you meant to add 127.0.0.1 localdev.letsencrypt.org to your /etc/hosts file?
Is this a good idea or bad idea? Why or why not?
One other idea would be to allow people to make up domains at letsencrypt.org. Example:
someuserdecidedsubdomain.free.letsencrypt.org
Some website / API would let people get a cert for any subdomain they make up. That would allow them to not have to have a machine on the public internet NOR register a domain, and let them use that domain for testing publicly and even sharing. For example, if they wanted to run their server internally and let other clients on their LAN access the server through HTTPS.
I thought about creating that service as a public service but it seems like it would be better for letsencrypt to do it? Maybe I can implement it (I'm a noob myself though) and letsencrypt might be willing to take it over?
In any case, why is this a good or bad idea?