When should i apply certificates in my development cycle?

I’m developing wordpress sites. When i invoke certbot on my nginx server, certbot is looking for the site via it’s own dns connection, not the dsn rules on my server correct?

That means that I have to develop everything as http, publish the site, wait for the dns servers to propogate and then go in and change every instance of http to https.

Is there a way that i can develop everything as https to start with, and have certbot apply the certificates to a site that is not live?


Certbot is asking Let’s Encrypt, the certificate authority, to validate your ownership of the domain so that it can issue a certificate to you; the certificate authority then connects from its own infrastructure to perform that validation. The DNS lookup, therefore, is done by Let’s Encrypt, not Certbot, and it is done from their infrastructure, not your server.

I believe Wordpress has a setting for the base URL of the site that you can configure; if you use that to determine whether the site is on HTTP or HTTPS, you’ll only have to change it in one place. Another option is to use relative or protocol-relative URLs.

Note that you don’t have to wait for DNS to propagate because the Let’s Encrypt validation server always queries your authoritative name servers directly.

If you want to develop your site using HTTPS before it’s published, you can use a self-signed certificate; you will have to explicitly tell your browser to trust it, but that’s usually fine for a development site.

If you already have a registered domain and want a certificate for it before your site is up, you can use the DNS challenge; for a once-off certificate you might find a web-based client such as https://zerossl.com/ useful. Of course once your site is live you should set up a client that can do automated renewals instead (such as certbot).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.