We highly recommend testing against our staging environment before using our production environment. This will allow you to get things right before issuing trusted certificates and reduce the chance of your running up against rate limits.
The ACME URL for our ACME v2 staging environment is:
https://acme-staging-v02.api.letsencrypt.org/directory
If you’re using Certbot, you can use our staging environment with the --test-cert or --dry-run flag. For other ACME clients, please read their instructions for information on testing with our staging environment.
Note that ACME accounts are scoped to each environment, and thus a separate account for the staging environment is required. Certbot handles this for you.
The staging environment uses the same rate limits as described for the production environment but with different values:
The Overall Requests Limits are:
| Endpoint | Requests per IP (per second) | Burst Capacity | 
|---|---|---|
| /acme/new-nonce | 20 | 10 | 
| /acme/new-account | 5 | 15 | 
| /acme/new-order | 20 | 40 | 
| /acme/revoke-cert | 10 | 100 | 
| /acme/renewal-info | 1000 | 100 | 
| /acme/* | 20 | 20 | 
| /directory | 40 | 40 | 
The staging environment has a certificate hierarchy that mimics production. The names have been modified with a prefix of (STAGING) and unique name to make them clearly distinct from their production counterparts.
The staging environment has two active root certificates which are not present in browser/client trust stores: “(STAGING) Pretend Pear X1” and “(STAGING) Bogus Broccoli X2”.
If you wish to modify a test-only client to trust the staging environment for testing purposes you can do so by adding their certificates to your testing trust store. Important note: Do not add the staging root or intermediate to a trust store that you use for ordinary browsing or other activities, since they are not audited or held to the same standards as our production roots, and so are not safe to use for anything other than testing.
The staging environment has intermediate certificates that mimic production, issued from the untrusted roots detailed above. Like in production, not all are in use at any time. The full list of current intermediates is:
These intermediates are subject to change at any time, and should not be pinned or trusted by any system. In general, you can expect the staging intermediates to parallel the corresponding production (trusted) intermediates. If strictly necessary, you can get full certificate details here.
The staging environment uses several test CT logs. SCTs from these logs are included in staging certificates. However, as staging is a test environment only, CT cannot be used to observe staging issued certificates reliably.
These logs include Let’s Encrypt Testing Logs, as well as test logs from other Certificate Transparency log operators.
Additionally, some ct-test-srv logs may be used, which are not actual logs and do not store issued certificates.
The staging environment has generous rate limits to enable testing but it is not a great fit for integration with development environments or continuous integration (CI). Making network requests to external servers can introduce instability and the staging environment offers no way to “fake” DNS or challenge validation success which makes for more complicated test setups.
In addition to the staging environment Let’s Encrypt offers a small ACME server purpose built for CI and development environments called Pebble. Running Pebble on your development machine or in a CI environment is quick and easy.