The Let's Encrypt process is about validating control of the content on a domain, not about OWNERSHIP of the domain. To get a cert, you just have to be able to update a file at a Let's Encrypt-specified location on the domain. This only proves that you are in control of the website for that specific domain, not that you are in control of the DNS for the entire domain and all subdomains.
Of course, if I own a domain, I own all the subdomains. However, being in control of the site served at port 80 for a domain does not mean I own it.
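
The scope of that file-based check, as an added example that is not part of the original comment: it builds the HTTP-01 URL and file body defined in RFC 8555 and models which certificate names a passed validation justifies. It assumes Let's Encrypt's rule that wildcard names are validated only through the DNS-based challenge (dns-01); the account key, token and function names are constructed for illustration.

```python
import base64
import hashlib
import json

# Constructed sample values (not a real account key or CA-issued token).
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
TOKEN = "constructed-token-0123456789"


def jwk_thumbprint(jwk):
    """RFC 7638 SHA-256 thumbprint: required members only, sorted, no whitespace."""
    members = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def http01_challenge(hostname, token, account_jwk):
    """Return (URL the CA fetches, body the file must contain), RFC 8555 section 8.3."""
    url = f"http://{hostname}/.well-known/acme-challenge/{token}"
    return url, f"{token}.{jwk_thumbprint(account_jwk)}"


def may_issue(name, validations):
    """Decide whether `name` may appear in a certificate.

    validations: set of (method, identifier) pairs that passed. Every name
    needs a validation for that exact identifier; a wildcard identifier is
    accepted only when it was validated with dns-01 (assumed CA policy).
    """
    name = name.lower().rstrip(".")
    methods = {method for method, ident in validations if ident == name}
    if name.startswith("*."):
        return "dns-01" in methods
    return bool(methods)


if __name__ == "__main__":
    url, body = http01_challenge("example.com", TOKEN, ACCOUNT_JWK)
    print(url)
    print(body)
    passed = {("http-01", "example.com")}
    for candidate in ("example.com", "www.example.com", "*.example.com"):
        print(candidate, may_issue(candidate, passed))
```
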