How should development teams handle renewing certificates while avoiding limits (because many dev servers are renewing the same certs) and avoid verification issues due to firewall?

We've already successfully implemented Let's Encrypt in our live environments, with automatic renewals, but we find it annoying/frustrating not to be able to use the same setup in development environments with automatic renewals due to (1) multiple, simultaneous renewals for the same domains which would breach quota limits, and (2) not being able to verify during the renewal process due to firewall issues preventing verifying by the webroot method.

It's important for the development environment to mirror the live environment as much as possible but this breaks with Let's Encrypt. I'm hoping there's a way to get them as close as possible.

Thanks,

Shovas

1 Answer

Use the Let's Encrypt Staging Environment. It's a different endpoint that allows many more requests, but otherwise operates the same as the production LE environment.

Tim
  • As I understand it, it would also have problems due to our firewall? – Shovas May 10 '17 at 23:31
  • The websites need to be publicly addressable if you want an https certificate using Let's Encrypt using the web challenge method. There are other challenge methods, such as DNS, but I haven't used them. – Tim May 10 '17 at 23:58