Thank you for your attention.
Let’s Encrypt has a dedicated email address used for these kinds of reports (it’s referenced in a post in the linked thread below), but please note that Let’s Encrypt’s policy is not to revoke certificates reported for phishing:
This post also links to a blog post explaining the reasons behind that policy
I went ahead and reported the domain to a number of services that block phishing sites (Google Safe Browsing, etc.)
For what it’s worth, an active phishing site on Google’s SafeBrowsing list won’t be able to issue a new certificate, but it’s not like phishing domains last 90 days anyway…
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.