Development sites

Hi. When I’m developing a website, I often do it on a virtual machine inside my own network, behind a NAT router, long before it becomes publicly accessible. Very often I’ll add something like dev.example.com to the hosts file to refer to the VM. And until LE came along, I’d set it up with a self-signed certificate.

It’s much better if I can use a proper certificate (not least because of the constant browser warnings, even though I know why they happen). If I have control over the domain name, I can use the DNS method to get a certificate, which is fine especially as my usual registrar has an API to their DNS to allow me to do this automatically.

But if I’m developing for someone else, especially a subdomain of an existing domain, I don’t have access to the DNS. The HTTP method won’t work because the server isn’t publicly accessible. Obviously, when I eventually make a publicly accessible staging version for the client, I can then use the HTTP method (and even if I put staging behind a password, I can make an exception for the acme-challenge directory).

Any suggestions for the dev sites? Maybe I should always just do it as client.domain-i-own.com rather than dev.client.com, just doesn’t seem as neat really.

This might be the most straightforward approach.

It seems like if you can’t control the DNS and you also can’t make the development instance publicly available for the validation authority then you should probably continue using a self-managed PKI instead of the web PKI. Let’s Encrypt might not be a good fit for this deployment model.
