"Duplicate" certificate?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: forumserver.twoplustwo.com

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version): RHEL7

My hosting provider, if applicable, is: Rackspace Dedicated

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.6.0

My certificate for this site is on the servers of an outside provider and I do not have a copy. This is normally fine but I don’t have a copy on my server and I need one to test some code on a new server. Is there a way to get a duplicate or temporary certificate that is not intended to be used by the public…just for testing purposes?

If it’s just for testing purposes, why not use a self signed certificate?

Wouldn’t that generate an error (need to accept the certificate?) I’m a bit out of my depth here.

Yes, but depending on what you’re trying to do just accepting the self signed certificate for just your browser might be fine.

If a self signed certificate isn’t possible, it depends on some things if you can get a second Let’s Encrypt certificate. You’d need to be able to prove to Let’s Encrypt you’re the owner/administrator of the domain/hostname. I’m assuming the IP address your hostname is pointing to is the address of a server outside of your control, i.e., the server of that ‘outside provider’. So you can’t use the http-01 challenge. If you can’t use the http-01 challenge, you could use the dns-01 challenge. That would require control over the DNS zone of your hostname/domain. If you also don’t have that control, you can’t prove ownership of the hostname and therefore can’t get a Let’s Encrypt certificate.

So you need a certificate for your personal use, on a development machine whose IP address is not in the DNS records of your domain?

I think you should use minica to generate your certificate, add the root certificate it generates to your system/browser trust store, and use /etc/hosts to point your domain to the test machine.

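Added example, not part of the thread: the private test CA approach from the last reply, done here with the openssl CLI instead of minica so the steps are visible. The directory layout, file names and function names are constructed for this example; it assumes openssl is installed.

```shell
#!/bin/sh
# Added example: throwaway private CA + test certificate for one hostname.
# Assumes the openssl CLI; all file names below are constructed.
HOST="forumserver.twoplustwo.com"   # hostname from the thread

# make_test_ca DIR: create a root CA key and self-signed certificate in DIR.
make_test_ca() {
    dir="$1"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Local test CA - development only
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$dir/ca.cnf" -keyout "$dir/ca-key.pem" \
        -out "$dir/ca.pem" 2>/dev/null
}

# issue_cert DIR HOSTNAME: create a key and a CA-signed certificate whose
# subjectAltName is HOSTNAME (clients match on the SAN, not the CN).
issue_cert() {
    dir="$1"; host="$2"
    printf 'basicConstraints = CA:FALSE\nsubjectAltName = DNS:%s\nextendedKeyUsage = serverAuth\n' \
        "$host" > "$dir/leaf.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj "/CN=$host" -keyout "$dir/key.pem" -out "$dir/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca-key.pem" -CAcreateserial -sha256 -days 30 \
        -extfile "$dir/leaf.ext" -out "$dir/cert.pem" 2>/dev/null
}

# check_cert DIR HOSTNAME: succeed only if cert.pem chains to the test CA
# and is valid for HOSTNAME.
check_cert() {
    openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" "$1/cert.pem" >/dev/null 2>&1
}

# Usage: make_test_ca ./testca && issue_cert ./testca "$HOST" && check_cert ./testca "$HOST"
```

Point Apache on the test server at cert.pem and key.pem, import only ca.pem into the trust store of the machine you test from, and add an /etc/hosts entry mapping the hostname to the test server's address. Keep ca-key.pem off shared machines and remove the CA from the trust store when testing ends, since anyone holding that key can issue certificates that client will accept.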
