I just ran across an LE certificate that has dozens of weird Common Names and dozens of weird Subject Alternate Names and the website in question is listed as one of the SAN domains.
Just wondering if this is normal for a certificate? I thought that certificates were supposed to be “owned” by a single entity since it vouches for that domain being owned by that entity…correct? Or not?
I guess I’m just asking for where to find more information on this to understand why so many disparate domains are listed in these single certificates. At first I thought it’s a hacker registering a ton of domains to perform nefarious deeds, but now I’m not sure. Perhaps the LE system stacks domains into a SAN in order to save database space or something?