← Back to context

Comment by blueflow

3 years ago

How could Letsencrypt even verify a server setup if not via DNS/HTTP? Also, verify against what? The servers are basically random strangers without identity when they first talk to LE.

In this case there has been a valid certificate for the site; this alone should raise suspicion.

Also, if they cannot do secure validation then maybe they should stop issuing certificates for sites that already have a proper certificate.