Comment by a1369209993

3 years ago

> 6 months [...] 90 days.

So they were told to renew the certificate, but not how many times to renew it?

They were told to renew the original certificate, but weren't told to also renew the renewed one.

Shouldn't the certificate transparency logs have it?

  • I suspect it's not trivial to distinguish between the legit and fake ones just based on CT logs. Unless Let's Encrypt publicly logs the account used to issue the certificate (I think they don't), only the logs held at Let's Encrypt will reveal this information. I expect their security team to be looking at those logs right now.