Legal owner of a certificate signed by let's encrypt?

Arnaud-Nauwynck · March 28, 2024, 1:11pm

How to know the legal owners of a certificate signed by let's encrypt?

petercooperjr · March 28, 2024, 1:15pm

I'm not sure I quite understand the question. Let's Encrypt only does Domain Validation, issuing a certificate promising that the holder of a private key is the same entity which controls a domain name. Let's Encrypt doesn't know anything about "legal owners".

You might find these documentation pages helpful for understanding what Let's Encrypt does:

Arnaud-Nauwynck · March 28, 2024, 1:26pm

so who can I know the legal domain owner?
in my case the website is https://elec-mobile.com
the certificate is signed by let's encrypt... but imopssible to find info.
all emails, tel numbers, etc... are wrong on the site (or not responding).
What is the domain authority that was checked when signing?

MikeMcQ · March 28, 2024, 1:34pm

You could try using a WHOIS service to learn the registrar of the domain name. Often these are behind privacy services but you could try. (like here)

You could lookup the IP address and contact the handler of that.

If you look at the response headers to HTTPS requests to that domain you might get clues no where their website is hosted.

If you suspect them of fraud you could report them to various services like these:
https://safebrowsing.google.com/safebrowsing/report_badware/

None of this is unique or even related to Let's Encrypt. I am just offering ideas.

Osiris · March 28, 2024, 1:53pm

I concur with Mike and would advice to "whois" the IP address of the server to find out the hosting company of the site. Usually these whois info also has an "abuse" email address where you can address your concerns with a website hosted by that provider, if applicable.

With regard to your primary question regarding legal ownership of a certificate, please see the legal documents of Let's Encrypt at Policy and Legal Repository - Let's Encrypt.

salsecrets · March 28, 2024, 2:03pm

Match it to a who-is inquiry, perhaps?

aarongable · March 28, 2024, 2:30pm

It looks like what you really want is the legal owner of the domain to which the certificate was issued. That, I can't help with, though the folks above have given some useful pointers.

The legal owner of the certificate itself is Let's Encrypt, per the Subscriber Agreement, Section 3.6:

Your Certificate will remain the property of ISRG, subject to Your right to use it as set forth in this Agreement.

jvanasco · March 28, 2024, 2:51pm

LetsEncrypt only issues DV certificates through automated verification. The three DV verification methods LetsEncrypt uses do the following:

verify control of the domain's web server by hosting a unique URL containing a unique code: HTTP-01/TLS-ALPN-01
verify control of the domain's DNS by hosting a TXT challenge containing a unique code

You can use whois information to find out who owns the domain. Most are shielded with proxies though.

Bruce5051 · March 28, 2024, 4:19pm

This what ICANN Lookup shows.

Bruce5051 · March 28, 2024, 4:55pm

Also the presently being severed certificate https://decoder.link/sslchecker/elec-mobile.com/443
has other Domain Names in the SANs

Common Name:	elec-mobile.com
	
				DNS:elec-mobile.com
				DNS:electric-roule.com
				DNS:lajoa-beauty.com
				DNS:www.elec-mobile.com
SANs:			DNS:www.electric-roule.com
				DNS:www.lajoa-beauty.com
				Total number of SANs: 6

Arnaud-Nauwynck · March 31, 2024, 5:43pm

Thanks
I wanted to know if their has something Juridical (not technical) checked by Let's Encrypt.
Apparently not.
Let's encrypt only sign some DNS alternate subject names, and check the DNS record while signing.
That's a pity
Maybe Let's Encrypt could try to get more info while signing using web IANA apis, and add this info in the signed certificate.

danb35 · March 31, 2024, 5:51pm

DV (Domain-validation) certs are all Let's Encrypt does, and all they're ever likely to do.

petercooperjr · April 1, 2024, 1:24am

Just in case the domain information changes between the time Let's Encrypt issues a certificate and the time someone is trying to look into it? I suspect that they'd rather just solve that problem by issuing much sorter-duration certificates.

Bruce5051 · April 1, 2024, 1:39am

@Arnaud-Nauwynck please explain in detail what you mean.

jvanasco · April 1, 2024, 4:48pm

LetsEncrypt is one of many Certificate Authorities who participate in the CA/B Forum (https://cabforum.org/ and CA/Browser Forum - Wikipedia) which standardizes rules for certificates and adoption of those certificates into web browsers and operating systems.

I suggest reading up on the CA/B forum so you can realize the type of changes you seek is not something that LetsEncrypt could or would do on it's own. You are a requesting a core change to the entire ecosystem of certificates, and holding one party - LetsEncrypt - personally accountable because it is the most convenient actor to you.