Many website developers run local development servers, whether Apache, Caddy, node.js-based, or hundreds more. It can be inconvenient to develop using HTTP insecurely, since security features cannot be fully tested or correctly configured for uploading files to a corresponding remote production website.
I have come up with my own method for using HTTPS in my local development, which I describe below. But my suggestion to Let’s Encrypt would be to include support for local development servers (either by Acme-certbot or some other protocol).
I’m not including a specific design, but I would hope that local development servers could be supplied automatically with certificates compatible with or identical to certificates already installed on remote production websites.
I use cPanel for my production websites. What I’ve done is use cPanel or WHM to add a subdomain “local.example.com” for existing production website “example.com”. There is no need for a corresponding remote directory, or a need for corresponding DNS entries. This subdomain is only created so it will be part of the Let’s Encrypt certificate on the remote production server.
Then, in my local development server, I enable HTTPS for a website using certificate files copied from the corresponding production website. When I want to address my local development server in a URL, I use the address “https://local.example.com/…” (the “https://” can be omitted when the website uses HTTPS automatically). Note that the local HOSTS file must have an entry “127.0.0.1 local.example.com” so the local server will be used for this subdomain.
A big advantage of this method is that browser windows can be open simultaneously to local and remote versions of the same website without further changes to the HOSTS file and without ambiguity in the domain name.
The only problem with this approach is that the local certificates expire and must then be refreshed manually by copying from the remote production server.
So, my suggestion is that Let’s Encrypt include an optional automatic procedure for making sure that local development servers have current copies of remote certificates, or perhaps automatic certificates of its own. This would further encourage and support a secure Web.