Let’s Encrypt Staging. Safely.

Let's Encrypt. One of the best things done in recent years. It makes it simple and free to have decent TLS security. There's really no excuse not to now.

One minor challenge has been the 'staging' environment. You want to use this when you are debugging your setup,  automatically creating certificates for the first time, etc. They have a generous but not unlimited set of certificates you can create per time and you don't want to hit this limit because your un-debugged script went nuts. So for this they make the staging environment available.

Now the only problem with the staging environment, the intermediate certificate is not in the root store of your browser. And there's a reason. They don't hold it to the same standard (its for debugging after all).

So let's say you have a shiny new .dev domain. Its in the HSTS store of your browser, and you want to use Let's Encrypt staging.

Well, you can simply import the staging intermedate cert into a new browser profile, one that is only used for this testing. Download the Fake LE Intermediate X1. Run a chrome with google-chrome --profile-directory=lets-encrypt-staging-trust. And then in it, import this cert. Use this profile, and only this profile, for your testing.

Import the certificate by opening chrome://settings/certificates?search=certif and then select 'authorities'. This browser has none of your bookmarks, saved passwords, etc. So don't make it sync them 🙂

Have fun using the Let's Encrypt staging environment. When done, don't forget to switch to the live environment tho!

I made a .desktop file and special icon so i could launch it like my regular browser, as below, but this is not required.

$ cat ~/.local/share/applications/chrome-le.desktop 
[Desktop Entry]
Exec=google-chrome-beta "--profile-directory=lets-encrypt-staging-trust"
GenericName=chrome-le
Icon=Pictures/chrome-le.png
Name=chrome-agilicus-le
NoDisplay=false
Path=
StartupNotify=false
Terminal=false
Type=Application
X-DBUS-ServiceName=
X-DBUS-StartupType=none

Leave a Reply

Your email address will not be published. Required fields are marked *

*