Determining who created a certificate


#1

Hi,

I read an article on your website on how the Let’s Encrypt work (https://letsencrypt.org/how-it-works/).
How will I know who register or installed the SSL on the website? the company where the website is being host informed that they were not the one who registered the SSL and advised their client to contact the one who registered the domain of the website instead.

Is there any way you can determine who requested for the SSL on the particular website?
I don’t know much of the technicalities, so I hope you can help me out on this.

The reason why I asked this is because the SSL of the website has already expired and the client might want to renew it, and I would like to know who should they contact for the renewal.

I hope to receive a response :slight_smile:

Thank You


About the Issuance Tech category
#2

Hi @WannaKnow,

Let’s Encrypt certificates are issued automatically using software. Usually this software runs directly on the machine that hosts the web site. There are dozens of different software tools that have Let’s Encrypt integrations, so there’s no single standard way of doing it.

Ideally, there isn’t a “person” on either end, but rather some kind of hosting provider tool on the web host end, and the automated Let’s Encrypt service on the certificate authority end, and they talk to each other and arrange for the issuance of certificates. However, sometimes the certificate is requested by a person using a software application interactively somehow.

There’s no straightforward way to find out who originally obtained the certificate, but if you tell us more about the software environment that’s used to host the site, we may be able to suggest what kinds of tools or systems were most likely to have been used before or are most relevant to that environment.

Depending on what kind of hosting is being used, the best case might be that the hosting provider could set up automated certificate issuance and renewal using tools that the hosting provider already has. There’s no requirement to continue using the same tools, methods, or credentials (or even the same certificate authority) to get a new certificate, so it might not be necessary to figure out exactly how it was done before if you can find a better or more practical alternative now.


#3

Also, there is no person at Let’s Encrypt who could press a button to cause the certificate to be renewed. The certificate renewal would involve some kind of software application running, ideally, on the web server; that software would make an appropriate new request, prove its control over the domain name in question, and then automatically receive an updated certificate.


#4

Hi Schoen,

Thanks for answering my question, I really appreciate your prompt response.
Hope you’ll have a good day!!