Certificates issued to persons or entities on the U.S. Treasury Department’s Specially Designated Nationals list

#1

These 47 domains, present on the SDN list, seem to have unexpired, unrevoked certificates issued by Let’s Encrypt:


For completeness, those 20 seem to have recently expired certificates issued by Let’s Encrypt:


Related: https://community.letsencrypt.org/t/according-to-mcclatchydc-com-lets-encrypt-revoqued-and-banned-usareally-com/81517/10

#2

Hi @josh, I think it’s your domain, if you have an opinion about it?..

#3

This thread was just brought to my attention. We will look into this today. Thanks.

In the future please email security@ with SDN reports so we can respond more quickly.

#4

Sorry, I didn’t think it could be an urgent matter, I will be careful next time!

Will you post an update once all these domains are checked and the certificates revoked if necessary? (I saw some were revoked since but not all)

#5

All certificates for the domains you reported were revoked on the day of my initial comment here. Those domains are also banned from further issuance. This is standard procedure for SDN entity domains, once they are brought to our attention.

#6

I confirm that all certificates related to reported domains are now revoked.