Testing on a local machine?

Is it possible to use letsencrypt on a local machine? My understanding so far is no, because the machine has to be reachable on the internet at some public domain name. Is that correct?

Here’s what I have at the moment. I’m running Docker in a VirtualBox VM on OS X. Inside I have a container running nginx with letsencrypt as a reverse proxy for another container.

On my mac I’ve edited /etc/hosts to have a local.mydomain.com 192.168.99.100 entry. I also put an entry in the VM for itself.

AFAICT that’s not enough: letsencrypt.org needs to be able to see local.mydomain.com, which means I either need to set up some kind of dynamic DNS solution or I just can’t do dev on a local machine anymore and need to do it on some public-facing server.

Is this correct?

Yes, your domain needs to be publicly resolvable and access to port 80 or 443 needs to be possible from the internet.

For development purposes, you could run your own instance of boulder, the CA server behind Let’s Encrypt. This would be possible from inside your own network. The docs (kind of) explain this here: https://letsencrypt.readthedocs.org/en/latest/contributing.html#integration-testing-with-the-boulder-ca. More info can be found in the boulder repo on GitHub.

1 Like
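
The reachability requirement from the answer above, as a pre-flight check to run before requesting a certificate from a public CA. This is an added example, not part of the original thread; the `preflight` and `sample_resolve` names, the `public.example` and `missing.example` hostnames and the sample records are assumptions made for illustration.

```python
import ipaddress
import socket


def system_resolve(hostname):
    """Resolve with the OS resolver, which also honours /etc/hosts."""
    try:
        infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def preflight(hostname, resolve=system_resolve):
    """Return (ok, reason): could a CA on the internet reach this name?

    `resolve` is a hypothetical hook returning a list of IP strings, so the
    check can be pointed at a public resolver or at constructed data.
    """
    addresses = resolve(hostname)
    if not addresses:
        return False, f"{hostname} does not resolve"
    # Private, loopback, link-local and similar ranges are not reachable
    # from the internet, so validation from outside cannot succeed.
    internal = [a for a in addresses
                if not ipaddress.ip_address(a.split("%")[0]).is_global]
    if internal:
        return False, (f"{hostname} resolves to non-public address(es): "
                       + ", ".join(internal))
    return True, (f"{hostname} resolves only to public addresses; "
                  "port 80 or 443 must still be open from the internet")


# Constructed sample data mirroring the /etc/hosts entry in the question.
SAMPLE_RECORDS = {
    "local.mydomain.com": ["192.168.99.100"],  # address from the question
    "public.example": ["8.8.8.8"],             # stand-in for a routable IP
}


def sample_resolve(hostname):
    """Offline resolver over the constructed records above."""
    return SAMPLE_RECORDS.get(hostname, [])


if __name__ == "__main__":
    for name in ("local.mydomain.com", "public.example", "missing.example"):
        ok, reason = preflight(name, sample_resolve)
        print("PASS" if ok else "FAIL", reason)
```

With the default `system_resolve`, the result reflects the local machine's view, including any /etc/hosts override, which can differ from what a CA sees through public DNS.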