Is there a way to develop a letsencrypt ACME client locally without having a real domain that can be verified? Eg. would is there some test domain that can be used together with the LE sandbox server to fake successful domain verifications?
Or is the only way to test and debug a letsencrypt client by deploying it to a real domain and generating real certificates? How could this be integrated into CI?
The simplest way I could find is using https://ngrok.com/ - It opens a tunnel to your local webserver that can be browsed via a public subdomain on ngrok.io. You can then easily test the full circle of domain verification for this subdomain. You can even start multiple tunnels and have multiple subdomains for testing SAN certificates.
ngrok provides a local Web-API from where the current tunnel address can be read, this way tests could be automated in continuous integration.