chromium / badssl.com

:lock: Memorable site for testing clients against bad SSL configs.
https://badssl.com
Apache License 2.0

Let's Encrypt staging CA #364

Open FiloSottile opened 6 years ago

FiloSottile commented 6 years ago

An endpoint with a certificate from the Fake Let's Encrypt CA would be nice to check for systems that trust it. https://letsencrypt.org/docs/staging-environment/

lgarron commented 6 years ago

This sounds like a fun idea, although we don't use short-lived certs on badssl.com right now. Do you know of a good ACME client for nginx with minimal configuration?

There seem to be many that can work with external programs or cron jobs, but something with minimal maintenance like Caddy is probably the most practical.

That said, anything that works reliably on docker/server should be fine if we document it.

FiloSottile commented 6 years ago

Certbot is a popular option for cronjobs, but Caddy runs perfectly in Docker, and a Caddyfile like this is all it takes, plus wiring port 80 (for the challenge) and 443 up.


```
le-staging.badssl.com {
    tls you@example.com {
        ca https://acme-staging-v02.api.letsencrypt.org/directory
    }
    proxy / localhost:80 {
        transparent
    }
}
```

lgarron commented 6 years ago

If @christhompson can deploy it, I'm all for a PR to support this! :-D

Jemmy1228 commented 5 years ago

> Do you know of a good ACME client for nginx with minimal configuration?

How about acme.sh? It only needs bash and cron, I think.