HACKER Q&A
📣 1MachineElf

Certificate Literally for “Example.com”


I want to create some documentation for how to set up various servers with HTTPS. Can example.com be used for this? Assuming the reader has a private DNS server to point their clients to a self-hosted "example.com" domain, is there a public CA that offers certificates for example.com? Possibly with wildcards?

Answers to this question are difficult to google because a lot of documentation out there reads as though "example.com" is really just a placeholder (as it should be) for an actual privately owned domain.


👤 ksaj Accepted Answer ✓
I can't imagine that they ever would give you that, because it would break everything about PKI for the real example.com domain. If you got valid private keys for it from an authoritative CA, you could conduct a man-in-the-middle attack (amongst other things) and there'd be little to no way for anyone to notice.

Now locally on your own network, you can set up a certificate authority and your own DNS service for the domain, and then do whatever you want within the confines of your local network. But you won't be able to reach the real example.com at the same time, since you'll be configured to route example.com through your internal imitation of the external network for at least that domain.

I used to do this for "hacme.corp" (which is not currently a valid domain on the Internet) for teaching penetration test courses.
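
The local-CA setup described in the answer above, sketched with the OpenSSL command line as an added example (not part of the original answer). The function names, file names and CA subject are assumptions.

```shell
#!/bin/sh
# Added example: a private lab CA that issues a certificate for example.com
# and *.example.com. Only clients that import lab-ca.crt trust the result;
# anyone holding lab-ca.key can mint certificates those clients will accept,
# so keep it off shared machines.

# make_lab_cert DIR DOMAIN  (runs in a subshell so umask stays local)
make_lab_cert() (
    dir="$1"; domain="$2"
    umask 077                                  # keys readable by owner only
    mkdir -p "$dir" || exit 1

    # 1. Lab root CA: key plus self-signed root certificate.
    #    CA:TRUE comes from OpenSSL's default settings for "req -x509".
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=Lab Root CA (docs only)" \
        -keyout "$dir/lab-ca.key" -out "$dir/lab-ca.crt" 2>/dev/null || exit 1

    # 2. Server key and certificate signing request.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$domain" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || exit 1

    # 3. Leaf extensions: apex name plus wildcard, not a CA, TLS server only.
    printf '%s\n' \
        "subjectAltName=DNS:$domain,DNS:*.$domain" \
        "basicConstraints=CA:FALSE" \
        "extendedKeyUsage=serverAuth" > "$dir/server.ext" || exit 1

    # 4. Sign the CSR with the lab root.
    openssl x509 -req -sha256 -days 90 -in "$dir/server.csr" \
        -CA "$dir/lab-ca.crt" -CAkey "$dir/lab-ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null || exit 1
)

# verify_lab_cert CA_FILE CERT HOSTNAME
# Succeeds only if CERT chains to CA_FILE and is valid for HOSTNAME.
verify_lab_cert() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Run the demo only when executed directly as lab-ca.sh (hypothetical name).
case "$0" in *lab-ca.sh)
    make_lab_cert ./lab-pki example.com &&
    verify_lab_cert ./lab-pki/lab-ca.crt ./lab-pki/server.crt www.example.com &&
    echo "www.example.com verifies against the lab root only" ;;
esac
```

The server gets `server.crt` and `server.key`; each lab client gets `lab-ca.crt` added to its trust store and nothing else.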


👤 LinuxBender
No, but you can register a domain and get free wildcard certs from Let's Encrypt for it. Use registrars that let you search for similar names and you can probably find something like myexample.net. I did not check if this is available; this is just an example.

👤 detaro
No, CAs can't do that.