Tags: lets-encrypt, certbot, caddy, caddyfile

How do I achieve Caddy auto-TLS via Let's Encrypt without DNS?


I'm sure this is a typical scenario, but I can't find the appropriate sequence of steps.

I have a www.example.com server at (say) 1.1.1.1 running Apache. I am building a new server at 2.2.2.2 using Caddy. For testing, I put 2.2.2.2 www.example.com in my local /etc/hosts. Once all is working, I will repoint the www.example.com DNS entry to Caddy.

The problem is I can't start Caddy on 2.2.2.2 to serve www.example.com.

I get [www.example.com] failed to get certificate: acme: Error 403 - urn:acme:error:unauthorized - Invalid response from http://www.example.com/.well-known/acme-challenge/6Xc4_oq6r0de25CtrYIw59YeVHvUWQ9Ag6H3XbGx8y0:

which I assume is caused by the DNS entry for www.example.com pointing to 1.1.1.1, not 2.2.2.2.

So how do I get certs and start Caddy so I can test www.example.com on 2.2.2.2 before updating the public DNS entry?


Solution

    1. Make up a new name for the test server, for example test.example.com.

    2. Point the DNS A record for test.example.com to the same address as for www.example.com.

    3. Get a Let's Encrypt certificate containing both names. Let's Encrypt lets you put as many names as you want in the certificate.

    4. Once you have the certificate, point the DNS A record for the test server to the new address. Now you can use the same certificate both in the production server and the test server.
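The steps above, as an added example (this is not code from the question, the answer, or the Caddy or certbot projects). It assumes certbot and openssl are installed, that certbot runs on the host the public A records currently point at (HTTP-01 validation follows public DNS, not a local /etc/hosts override, which is exactly why the original attempt failed), and that the Caddy host uses Caddy v2 syntax with the `tls <cert> <key>` directive to load the copied certificate instead of requesting its own. The `/etc/letsencrypt/live` path is certbot's default layout; the site names and document root are placeholders.

```shell
#!/bin/sh
# Added example: one certificate for www.example.com and test.example.com,
# a SAN check before relying on it, and a Caddyfile that loads it.
# Assumes certbot, openssl and Caddy v2; paths and names are placeholders.

LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"   # certbot's default live directory

# Print the certbot command that requests a single certificate covering
# every name given. Run it on the host the public DNS points at today,
# so the HTTP-01 challenge for both names is answered there.
certbot_cmd() {
    first="$1"
    cmd="certbot certonly --standalone --cert-name $first"
    for name in "$@"; do
        cmd="$cmd -d $name"
    done
    printf '%s\n' "$cmd"
}

# Return 0 only if the PEM certificate at $1 lists every remaining argument
# as a DNS subjectAltName. Checking this before repointing test.example.com
# avoids serving a certificate that silently lacks one of the names.
cert_covers_names() {
    cert="$1"; shift
    sans=$(openssl x509 -in "$cert" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | tr ',' '\n' \
        | sed -n 's/.*DNS:\([^ ]*\).*/\1/p')
    for name in "$@"; do
        printf '%s\n' "$sans" | grep -qx "$name" || return 1
    done
    return 0
}

# Print a Caddyfile site block that serves all given names with the shared
# certificate instead of letting Caddy run its own ACME flow.
# $1 is the certbot --cert-name (directory under LIVE_DIR); the rest are site names.
render_caddyfile() {
    cert_name="$1"; shift
    sites=""
    for name in "$@"; do
        sites="${sites:+$sites, }$name"
    done
    printf '%s {\n' "$sites"
    printf '    tls %s/%s/fullchain.pem %s/%s/privkey.pem\n' \
        "$LIVE_DIR" "$cert_name" "$LIVE_DIR" "$cert_name"
    printf '    root * /var/www/html\n    file_server\n}\n'
}

# Usage on the new Caddy host after copying the certbot directory across:
#   sh this-script.sh run www.example.com test.example.com > /etc/caddy/Caddyfile
main() {
    shift   # drop the "run" keyword
    cert_name="$1"
    echo "# obtain the certificate on the current production host with:" >&2
    certbot_cmd "$@" >&2
    cert="$LIVE_DIR/$cert_name/fullchain.pem"
    if [ -r "$cert" ] && ! cert_covers_names "$cert" "$@"; then
        echo "refusing: $cert does not cover all of: $*" >&2
        return 1
    fi
    render_caddyfile "$cert_name" "$@"
}

if [ "${1:-}" = "run" ]; then
    main "$@"
fi
```

Order of operations matches the answer: request the certificate for both names while both A records point at the old server, verify it with `cert_covers_names`, copy the `live/` directory to 2.2.2.2, write the Caddyfile, and only then move the test.example.com record. When www.example.com is finally repointed, the same certificate keeps working because it already contains that name.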