Staging Environment

Last updated: May 12, 2025
Lihat semua Dokumentasi

Laman web ini belum di terjemahkan. Anda dapat ikut berkontribusi di sini.

We highly recommend testing against our staging environment before using our production environment. This will allow you to get things right before issuing trusted certificates and reduce the chance of your running up against rate limits.

The ACME URL for our ACME v2 staging environment is:

https://acme-staging-v02.api.letsencrypt.org/directory

If you’re using Certbot, you can use our staging environment with the --test-cert or --dry-run flag. For other ACME clients, please read their instructions for information on testing with our staging environment.

Note that ACME accounts are scoped to each environment, and thus a separate account for the staging environment is required. Certbot handles this for you.

Rate Limits

The staging environment uses the same rate limits as described for the production environment but with different values:

The New Registrations per IP Address limit is 50 per 3 hours.
The New Registrations per IPv6 Range limit is 500 per 3 hours (the same as production).
The New Orders per Account limit is 1500 per 3 hours.
The New Certificates per Registered Domain limit is 30000 per second.
The New Certificates per Exact Set of Hostnames limit is 30000 per week.
The Authorization Failures per Hostname per Account limit is 200 per hour.
The Consecutive Authorization Failures per Hostname per Account limit is 3600 per 6 hours.

The Overall Requests Limits are:

Endpoint	Requests per IP (per second)	Burst Capacity
/acme/new-nonce	20	10
/acme/new-account	5	15
/acme/new-order	20	40
/acme/revoke-cert	10	100
/acme/renewal-info	1000	100
/acme/*	20	20
/directory	40	40

Staging Certificate Hierarchy

The staging environment has a certificate hierarchy that mimics production. The names have been modified with a prefix of (STAGING) and unique name to make them clearly distinct from their production counterparts.

Root CAs

The staging environment has two active root certificates which are not present in browser/client trust stores: “(STAGING) Pretend Pear X1” and “(STAGING) Bogus Broccoli X2”.

If you wish to modify a test-only client to trust the staging environment for testing purposes you can do so by adding their certificates to your testing trust store. Important note: Do not add the staging root or intermediate to a trust store that you use for ordinary browsing or other activities, since they are not audited or held to the same standards as our production roots, and so are not safe to use for anything other than testing.

Pretend Pear X1
- Subject: O = (STAGING) Internet Security Research Group, CN = (STAGING) Pretend Pear X1
- Key type: RSA 4096
- Certificate details: der, pem, txt
Bogus Broccoli X2
- Subject: O = (STAGING) Internet Security Research Group, CN = (STAGING) Bogus Broccoli X2
- Key type: ECDSA P-384
- Certificate details (self-signed):