Is it possible to know what challenge was used to validate a domain before issuing a certificate?


#1

Hi there,

so last week a letsencrypt certificate was issued for one of my websites and it wasn’t done by me. I’m trying to track down how this happened, as my DNS records weren’t changed, and my server and email weren’t compromised. I still want to make sure though.

My current theory is that there was some kind of DNS poisoning going on which was able to trick the CA to issue the cert.
Is it possible to know what challenge was used to validate a domain before issuing a certificate? In case it is, if the challenge used was the http validation, is it possible to know what IP address was the domain pointing to during the validation?


#2

All of those details are publicly available if you know either the Order ID or Authorization ID.

Try sending a private message to cpu or jsha, they might be able to look up the details for you.
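As an added illustration of what those records contain (this is not code from the thread or from Let's Encrypt): a small Python helper that takes an ACME authorization object as the CA returns it (RFC 8555 format) and reports which challenge was actually validated and, for http-01, which IP addresses the validator resolved and connected to, so they can be compared against the addresses you expect for your server. The `validationRecord`, `addressesResolved` and `addressUsed` fields are assumed to follow the shape Boulder (Let's Encrypt's CA software) returns; the authorization object below is constructed.

```python
import json

# Constructed sample ACME authorization object (RFC 8555 section 7.1.4).
# The "validationRecord" shape is assumed from Boulder, not taken from the thread.
SAMPLE_AUTHZ = json.dumps({
    "identifier": {"type": "dns", "value": "example.com"},
    "status": "valid",
    "challenges": [
        {"type": "dns-01", "status": "pending",
         "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1/A"},
        {"type": "http-01", "status": "valid",
         "validated": "2019-01-13T12:00:00Z",
         "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1/B",
         "validationRecord": [{
             "url": "http://example.com/.well-known/acme-challenge/TOKEN",
             "hostname": "example.com", "port": "80",
             "addressesResolved": ["192.0.2.10", "2001:db8::10"],
             "addressUsed": "2001:db8::10"}]},
    ],
})


def validated_challenge(authz_json: str) -> dict:
    """Return the challenge that satisfied the authorization plus, for
    http-01, the addresses the validator resolved and the one it used."""
    authz = json.loads(authz_json)
    result = {"domain": authz["identifier"]["value"], "type": None,
              "validated": None, "resolved": [], "used": []}
    # RFC 8555: at most one challenge in an authorization reaches "valid".
    valid = [c for c in authz.get("challenges", []) if c.get("status") == "valid"]
    if not valid:
        return result  # nothing was validated (pending/expired/revoked authz)
    chal = valid[0]
    result["type"] = chal["type"]
    result["validated"] = chal.get("validated")
    for rec in chal.get("validationRecord", []):
        result["resolved"].extend(rec.get("addressesResolved", []))
        if rec.get("addressUsed"):
            result["used"].append(rec["addressUsed"])
    return result


def unexpected_addresses(result: dict, expected_ips: set) -> set:
    """Addresses the validator resolved or connected to that are not yours.
    A non-empty set is the signal to investigate DNS for that name."""
    return (set(result["resolved"]) | set(result["used"])) - expected_ips
```

In the sample, the validator resolved both an IPv4 and an IPv6 address and connected over IPv6; a stray AAAA record that the owner was not watching is exactly the kind of finding this check surfaces.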


#3

I would also suggest reporting the incident to security@ the Let’s Encrypt domain. In addition to helping with revocation, they may be able to investigate directly from the Let’s Encrypt side, regardless of what information they’re able to share with you.


#4

Great, I’ll do that.
Thanks for all!

