I’ve found an .onion site with a Let’s Encrypt certificate (I was surprised). I’ve tried to look up the certificate elsewhere around the net (SSL Labs, etc.) to verify it’s authenticity, but unsurprisingly none of the sites I used were able to contact the server. Presumably they don’t have the ability to connect to an onion service.
How can I manually and independently validate this certificate’s sha256/sha1 hash? Yes, I’m sure Let’s Encrypt is the issuer. The site has a clearnet address also with certs issued by LE, but those hashes are different. Those clearnet other SSL hashes do appear on various SSL checking sites.
This is posted in feature requests because I wish there was a domain lookup at the Let’s Encrypt site itself, but I’ll happily settle for some other solution if one exists.