Request Invalidation of Certificate

I am curious to know if there is a process an organization could complete to request a certificate be invalidated by Let’s Encrypt due to the certificate being used to impersonate or maliciously represent a legitimate organization. How should someone do this?

Let’s Encrypt only provide DV certificates (which guaranty that the communication is secure with the website, not the identity of the entity behind it), not OV or EV ones (which gives more details about the entity behind a given domain).

If it’s a phishing domain, please see https://letsencrypt.org/2015/10/29/phishing-and-malware.html

If that domain is against the law (because it impersonate your company for example) you may contact the authorities and/or the registrar of that domain, or the hosting provider.

2 Likes