I have a question about using certificates issued by Let's Encrypt in test environment. Let's say I have production certificate and use it in my local development environment by changing hosts file to resolve public DNS name I own to localhost or some internal server. Am I violating Let's Encrypt Subscriber Agreement or not?
I am in doubt after reading section 3.6 "Installation and Use of Your Certificate" which contains this text:
... and You agree, that You will install Your Certificate only on servers that are accessible at the subjectAltName(s) listed in Your Certificate...
Personally, I don't understand why this would really even need to be mentioned in the SA, nonetheless enforced. If someone wants to try to utilize a certificate in unconventional and potentially ineffective/dangerous ways, I would think that ensuring the user understands that the onus and all consequences of the user's actions lay squarely with the user would be the order of the day. Just my opinion here. Granted, to my understanding, Let's Encrypt owns the certificates they produce and has the right/responsibility to prevent misuse of their property, so that probably comes into play too.
That is fine. I can't talk about the exact motivation of that passage, but the exact use case you shared is commonly used, as are "split horizon" DNS systems - which that essentially is.