Apologies for not following the format. I’m not using LE yet, but am still trying to gather some information regarding certificates generated by LE (or any CA).
Let’s assume we’re working with the following (sub)domain name: app.example.com.
This domain points to the following public IP 123.123.123.123.
Both the domain name and IP are under my control.
The certificate is generated on the machine reachable at the above mentioned IP, and all is well.
I now copy the certificate to a web server on a private network, let’s say: 192.168.1.1 and have it load and use the certificate.
On the client machine I change the hosts file to point app.example.com to 192.168.1.1, and try to reach https://app.example.com. Will this successfully serve the web page over HTTPS using the previously generated certificate?
After some digging and gathering information from different sources, I believe this is possible, but I’m not 100% sure. So, I hope to get some clarification here.
Thank you for confirming!
So, if it also works with 127.0.0.1, that means I’ll also be able to run the web server locally for testing purposes.
Another question: what happens when the certificate has expired, and in the meantime the public IP has also changed? If the certificate isn’t hard-linked to an IP address, this mean I’d be able to point the domain name to the new IP and renew the certificate without issues, correct?
Correct. If your public hostname has been updated properly, you can get a new certificate.
Although I'm not sure if getting a Let's Encrypt certificate for a local webserver is the most appropriate choice. See Certificates for localhost - Let's Encrypt for more information.