@schoen once Letsencrypt client goes live, will there be any sandbox mode feature where you do a dry run to obtain SSL certs prior to doing it for real ?
I don’t think this would be very practical, because once the certs are issued on the CA side they exist and are publicly disclosed. We can’t exactly ask the CA to simulate that step.
thanks for the clarification
Actually, I think you could - by using a different CA to sign, perhaps even one not in a HSM. Call it “Let’s Encrypt Dry Run CA (Do Not Trust)”, maybe