Is it possible to know what challenge was used to validate a domain before issuing a certificate?

whops · May 12, 2018, 5:28pm

Hi there,

so last week a letsencrypt certificate was issued for one of my websites and it wasn’t done by me. I’m trying to track down how this happened, as my DNS records weren’t changed, and my server and email weren’t compromised. I still want to make sure though.

My current theory is that there was some kind of DNS poissoning going on which was able to trick the CA to issue the cert.
Is it possible to know what challenge was used to validate a domain before issuing a certificate? In case it is, if the challenge used was the http validation, is it possible to know what IP address was the domain pointing to during the validation?

_az · May 12, 2018, 7:38pm

All of those details are publicly available if you know either the Order ID or Authorization ID.

Try sending a private message to cpu or jsha, they might be able to look up the details for you.

schoen · May 12, 2018, 10:36pm

I would also suggest reporting the incident to security@ the Let’s Encrypt domain. In addition to helping with revocation, they may be able to investigate directly from the Let’s Encrypt side, regardless of what information they’re able to share with you.

whops · May 13, 2018, 12:39pm

Great, I’ll do that.
Thanks for all!

system · June 12, 2018, 12:41pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.