Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: forumserver.twoplustwo.com
My web server is (include version): apache 2.4
The operating system my web server runs on is (include version): RHEL7
My hosting provider, if applicable, is: Rackspace Dedicated
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.6.0
My certificate for this site is on the servers of an outside provider and I do not have a copy. This is normally fine but I don’t have a copy on my server and I need one to test some code on a new server. Is there a way to get a duplicate or temporary certificate that is not intended to be used by the public…just for testing purposes.
If it’s just for testing purposes, why not use a self signed certificate?
Wouldn’t that generate an error (need to accept the certificate?) I’m a bit out of my depth here.
Yes, but depending on what you’re trying to do just accepting the self signed certificate for just your browser might be fine.
If a self signed certificate isn’t possible, it depends on some things if you can get a second Let’s Encrypt certificate. You’d need to be able to prove to Let’s Encrypt you’re the owner/administrator of the domain/hostname. I’m assuming the IP address your hostname is pointing to is the address of a server outside of your control, i.e., the server of that ‘outside provider’. So you can’t use the http-01 challenge. If you can’t use the http-01 challenge, you could use the dns-01 challenge. That would require control over the DNS zone of your hostname/domain. If you also don’t have that control, you can’t prove ownership of the hostname and therefore can’t get a Let’s Encrypt certificate.
So you need a certificate for your personal use, on a development machine whose IP address is not in the DNS records of your domain?
I think you should use minica to generate your certificate, add the root certificate it generates to your system/browser trust store, and use /etc/hosts to point your domain to the test machine.
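What the last reply describes (a private root that signs a certificate for the hostname, which is then trusted only where that root is installed), as an added example that is not part of the thread and is not minica's own code. It uses Go's standard library; the names `must`, `IssueTestCert` and `TrustedFor` are made up for this example, and the certificate subject for the root is a constructed value.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must aborts on error; acceptable for a throwaway test-only tool.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// IssueTestCert makes a private root and a leaf for host; leafKey is what the test server loads.
func IssueTestCert(host string) (root, leaf *x509.Certificate, leafKey *ecdsa.PrivateKey) {
	nb, na := time.Now().Add(-time.Hour), time.Now().AddDate(0, 0, 30)
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey = must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: nb, NotAfter: na,
		Subject: pkix.Name{CommonName: "private test root (constructed)"},
		IsCA:    true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	root = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: nb, NotAfter: na,
		Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, caKey))))
	return root, leaf, leafKey
}

// TrustedFor reports whether leaf validates for host when root is the only trusted CA.
func TrustedFor(root, leaf *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

func main() {
	root, leaf, _ := IssueTestCert("forumserver.twoplustwo.com")
	fmt.Println("trusted with test root:", TrustedFor(root, leaf, "forumserver.twoplustwo.com"))
}
```

A client that has not been given this root rejects the leaf, which is why the certificate is usable only on machines where the root was added on purpose.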