Did you need a publicly-trusted certificate for these test environment hosts, or did you just need a self-signed certificate that you can manually accept on your own devices?
Do the test environment hostnames use a publicly-registered domain name that you control yourself, even if that name isn’t resolvable to the test environment by the rest of the Internet?
I am doing work with HSTS and other APIs so I I can’t use self-signed certificates. I need to replicate the production environment as much as possible.
I do have the production domains like racetickets.com publicly accessible both to HTTP and DNS.
These are the options for proving control of a name to Let’s Encrypt:
Just to be clear, the name itself does not have to be defined in the public DNS (if you use the DNS-01 method) as long as TXT records related to it can be created temporarily. And the certificate does not necessarily have to be created on the machine that’s eventually going to use it, if you have a way to transfer the files between machines.
I’m not sure I’ve understood your constraints well enough to offer more detailed advice, so feel free to try to explain further and we can think about it further.