How do you confirm the person asking for the certificate actually owns the domain?


#21

All arguments apply to any form of domain validation (e.g., by email confirmation). It is really hard from outside to distinguish ownership from pwnership.


#22

They normally do it by email.


#23

2 posts were split to a new topic: Why doesn’t Let’s Encrypt use WHOIS information for domain validation?


Why doesn't Let's Encrypt use WHOIS information for domain validation?