Multisite Dev and Test Environment

I host 12 public domains all actively running under a SAN cert.

Question pertains to my Development & Test environments that do not have public DNS or HTTP access and run on Windows.

What clients could best be used to generate the SAN for my two internal environments?
I have full admin control over the servers.

Hi @tarrc,

Did you need a publicly-trusted certificate for these test environment hosts, or did you just need a self-signed certificate that you can manually accept on your own devices?

Do the test environment hostnames use a publicly-registered domain name that you control yourself, even if that name isn’t resolvable to the test environment by the rest of the Internet?

I am doing work with HSTS and other APIs so I I can’t use self-signed certificates. I need to replicate the production environment as much as possible.

I do have the production domains like publicly accessible both to HTTP and DNS.

Are you using something like or for the internal names?

Yes. That would be correct.

Can you create DNS records via an API?

I won’t be able to make any firewall adjustments to handle the DNS entries. So not sure that would be a feasible option.

These are the options for proving control of a name to Let’s Encrypt:

Just to be clear, the name itself does not have to be defined in the public DNS (if you use the DNS-01 method) as long as TXT records related to it can be created temporarily. And the certificate does not necessarily have to be created on the machine that’s eventually going to use it, if you have a way to transfer the files between machines.

I’m not sure I’ve understood your constraints well enough to offer more detailed advice, so feel free to try to explain further and we can think about it further.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.