so last week a letsencrypt certificate was issued for one of my websites and it wasn’t done by me. I’m trying to track down how this happened, as my DNS records weren’t changed, and my server and email weren’t compromised. I still want to make sure though.
My current theory is that there was some kind of DNS poissoning going on which was able to trick the CA to issue the cert.
Is it possible to know what challenge was used to validate a domain before issuing a certificate? In case it is, if the challenge used was the http validation, is it possible to know what IP address was the domain pointing to during the validation?