Using Let's Encrypt certificate in test environment

Hi!

I have a question about using certificates issued by Let's Encrypt in test environment. Let's say I have production certificate and use it in my local development environment by changing hosts file to resolve public DNS name I own to localhost or some internal server. Am I violating Let's Encrypt Subscriber Agreement or not?

I am in doubt after reading section 3.6 "Installation and Use of Your Certificate" which contains this text:

... and You agree, that You will install Your Certificate only on servers that are accessible at the subjectAltName(s) listed in Your Certificate...

1 Like

Well, it does not say accessible by whom or by which IP address. You're connecting to it using a server locally accessible by the SAN, right?

Disclaimer: just food for thought, I'm not Let's Encrypt staff nor a lawyer.

5 Likes

I don't see how that use is in violation.
[presuming you obtained the cert legitimately]

5 Likes

Personally, I don't understand why this would really even need to be mentioned in the SA, nonetheless enforced. If someone wants to try to utilize a certificate in unconventional and potentially ineffective/dangerous ways, I would think that ensuring the user understands that the onus and all consequences of the user's actions lay squarely with the user would be the order of the day. Just my opinion here. Granted, to my understanding, Let's Encrypt owns the certificates they produce and has the right/responsibility to prevent misuse of their property, so that probably comes into play too.

7 Likes

That is fine. I can't talk about the exact motivation of that passage, but the exact use case you shared is commonly used, as are "split horizon" DNS systems - which that essentially is.

7 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.