
Let's Encrypt staging CA

Open FiloSottile opened this issue 7 years ago • 4 comments

An endpoint with a certificate from the Fake Let's Encrypt CA would be nice to check for systems that trust it. https://letsencrypt.org/docs/staging-environment/

FiloSottile, Sep 04 '18 01:09

This sounds like a fun idea, although we don't use short-lived certs on badssl.com right now. Do you know of a good ACME client for nginx with minimal configuration?

There seem to be many that can work with external programs or cron jobs, but something with minimal maintenance like Caddy is probably the most practical.

That said, anything that works reliably on docker/server should be fine if we document it.

lgarron, Sep 04 '18 07:09

Certbot is a popular option for cronjobs, but Caddy runs perfectly in Docker, and a Caddyfile like this is all it takes, plus wiring port 80 (for the challenge) and 443 up.

```
le-staging.badssl.com {
	tls [email protected] {
		ca https://acme-staging-v02.api.letsencrypt.org/directory
	}
	proxy / localhost:80 {
		transparent
	}
}
```

FiloSottile, Sep 04 '18 15:09

If @christhompson can deploy it, I'm all for a PR to support this! :-D

lgarron, Sep 04 '18 20:09

> Do you know of a good ACME client for nginx with minimal configuration?

How about acme.sh? It only needs bash and cron, I think.

Jemmy1228, Nov 23 '18 14:11