How do I achieve Caddy auto-TLS via Let's Encrypt without DNS?

I’m sure this is a typical scenario, but I can’t find the appropriate sequence of steps.

I have an existing www_dot_example_dot_com server at (say) running Apache. I am building a new server at using Caddy. For testing, I put www.[details=Summary]This text will be hidden[/details] in my local /etc/hosts. Once all is working, I will repoint the www_dot_example_dot_com DNS entry from to

The problem is I can’t start Caddy on to serve www_dot_example_dot_com.

I get

[wwwdotexampledotcom] failed to get certificate: acme: Error 403 - urn:acme:error:unauthorized - Invalid response from wwwdotexampledotcom/.well-known/acme-challenge/6Xc4_oq6r0de25CtrYIw59YeVHvUWQ9Ag6H3XbGx8y0:

which I assume is caused by the DNS entry for www_dot_example_dot_com pointing to, not

So how do I get certs and start Caddy so I can test www_dot_example_dot_com on before updating the public DNS entry?

You can’t. The point of domain validation is to verify that you control the DNS for the domain, and the machine the domain points to. You’ll have to run Caddy on the machine the DNS is pointing to. (Unless you use the DNS challenge, but that still uses DNS.)

So how do I resolve this catch 22 situation? I don’t want to disrupt the existing live service, and I don’t want to switch to the new service without testing it first.

Set up a different domain name for testing, or use the DNS challenge.