Hi All
Does anyone know how a certificate issued to a domain that has been issued fraudulently could be revoked?
Sure, we can help. Can you explain more what you mean by "fraudulent". This means different things to different people. If we know more of your circumstances we can better assist.
Also, we'll need to know if you have an ACME Client that you are comfortable using. That will be needed to revoke a cert issued by Let's Encrypt.
It would also be helpful to know the domain name in question. It is often helpful to review the cert issuance history.
Thank you
Also see: https://letsencrypt.org/docs/revoking/
2 Likes
And if you mean you came across a malafide website using a Let's Encrypt certificate in the wild: please see A website using Let’s Encrypt is engaged in Phishing/Malware/Scam/… , what should I do?.
2 Likes
Hi Mike - someone has set up a typo'd version of my company's domain, and is using it to scam people by offering AI-based investment at keepler-ia . com. I have been using acme.sh for many years, so can use that quite happily.
@Osiris - thanks for the suggestions - I'll take a look there too
3 Likes
You can't revoke certificates for a domain name you don't control.
3 Likes
Verisign (operator of the .com zone) has a page on DNS abuse which might help you Combating DNS Abuse - Verisign
4 Likes