Yeah - there's many ssl vendors who've automated everything - so long as you can read email sent to webmaster@whatever-damned-phishing-domain-you-like.com, they'll sign a csr for that domain's ssl cert.

Most certificate providers are already fully automated, the personal identity (not domain ownership) verification is the only human part.