Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My web server is (include version): nginx open-resty 1.2
The operating system my web server runs on is (include version): Ubuntu 14.4
My hosting provider, if applicable, is: self
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): none
When I test and develop, I set change my local copy of /etc/hosts to point my domain to a different server.
Ever since we started using Let’s Encrypt, this strategy fails. I have to hammer my way through browser warnings.
I call this “staging” but it’s not clear to me you mean the same thing when you talk of staging.
How can I have a valid cert for a domain which really is in production but also for my own (live on the net) test/dev?
The same exact cert?
Copy it from one server to the other.
A cert covering a similarly name?
Certs are normally issued to the system at the IP of that name.
Since two systems are (should be) at two different IPs, that is not possible with ordinary authentication.
You would have to use DNS authentication - which does not validate your against any specific IP.
Two different names (like: domain.com & dev.domain.com)?
Is simple, as the names are unrelated.
You can issue each cert in the same way and independent of the other.
One name goes to one IP/system, while the other name goes to the other IP/system.
Here we are again. It works one day, it’s gone the next. The folder contents on both servers are identical.
You asked too see fullchain.cer. Here is it:
brownhanky@tallone:~/.acme.sh/my.brownhanky.com$ cat fullchain.cer
-----BEGIN CERTIFICATE-----
MIIGDjCCBPagAwIBAgISBMu7vGcMIDGpRTm0eVC9AvawMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA5MjAwNjIxMDhaFw0x
ODEyMTkwNjIxMDhaMBwxGjAYBgNVBAMTEW15LmJyb3duaGFua3kuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Qp5bNLbiySY+sINhl8o5KxEFdhc
b612JZsVRaNqk4mdg/lv31ENJfCnRY+aKa1Dik+QCMcameGHoBV2M5rUCXXV1yev
1W+fkE5EzQ3N+9nE32UDYUh8dOU912wi0uggiVIpizDd2pnh0+FcOa/1ACAJih40
GSLlcZKPqmVoEG6tDOeJCTMfRDK+Tg0DK7wuRYogPWGMnoxGrErxVpgzm1NrXvE/
GcgpzeNFaf/AX8lCLBg4CypxCDqTS0TZlU6RbuL3jwPSYfAJzo6QvOI1UMsS1LFc
rmEKN4hi+oXOq+trQfVA2wIR1wmHEvotlglunfNOaMxTPtkwGAmtnpP9EQIDAQAB
o4IDGjCCAxYwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQfTbbBM+wDBq39rBNmSIAL
tkYvnjAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcB
AQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlw
dC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlw
dC5vcmcvMBwGA1UdEQQVMBOCEW15LmJyb3duaGFua3kuY29tMIH+BgNVHSAEgfYw
gfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0
cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBD
ZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBh
cnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0
ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3Np
dG9yeS8wggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwDbdK/uyynssf7KPnFtLOW5
qrs294Rxg8ddnU83th+/ZAAAAWX12pdpAAAEAwBIMEYCIQDoG9zc0kzN8Szvn+jP
APdrm9gAEG8U2ADcfsm05Ns4+AIhAKE3JB6iiE57yHxhrpEOBdAvIfBl/yPORB4f
xZ+6cVetAHYAKTxRllTIOWW6qlD8WAfUt2+/WHopctykwwz05UVH9HgAAAFl9dqZ
qQAABAMARzBFAiEA2c4jB0o/Iifde2YEOESqUeX5ku4RRjOztbzHNQaTYfICIBmO
Ty9b357ZSrVDb+XUC6+tDCPH7KH7sugN2gTCAP9yMA0GCSqGSIb3DQEBCwUAA4IB
AQCU5V032B1yE1ozkn5uMxxW2x5wJUhDtmtDLeg7CaFJU4WFxpaI+pXuDEscuI/d
2bTl42Xzyl8rrIzVtTIkfIoYc54DnBMOJhYHFuO1RzekJP0Ae8auS6egooSbWam7
ikOdERmuwfaH/HSrGM21D/g6oX4/AFouyqD6tC1rfr/ZaRgUeYCMsVFgTFATzBrr
PtHsJtR/6roxJxfghUrWzwNSu/33jt0PFSXAcvhtSGgdg1pJ8640TDbCsv0JUks8
ZEoLnFbfOXmgzjUsKww8Pye5dbruCT2KoMLDvUnlPqD0jhFmsB6lcWYEXpool6M7
twaJcYnwZ4b39TYfa+a7K++J
-----END CERTIFICATE-----
brownhanky@tallone:~/.acme.sh/my.brownhanky.com$
as domain name, you can use it 2018-12-19. Did you copy the private key? To use one certificate with different servers / code, this isn't a problem. Copy and use it.
Something is NOT right with that picture!
The CERT and FULLCHAIN should NOT be the same size:
The CERT should be only one cert.
While the FULLCHAIN should be that CERT plus at least one intermediate CHAIN cert.
Here is an example of what I mean: -rw-r--r-- 1 root root2159Sep 13 02:20 cert1.pem -rw-r--r-- 1 root root 1647 Sep 13 02:20 chain1.pem -rw-r--r-- 1 root root3806Sep 13 02:20 fullchain1.pem -rw-r--r-- 1 root root 1704 Sep 13 02:20 privkey1.pem
The cert size is 2159
And the fullchain size is 3806 (2159+1647) [cert + chain]