How do you confirm the person asking for the certificate actually owns the domain?

2 posts were split to a new topic: Why doesn’t Let’s Encrypt use WHOIS information for domain validation?