Understanding the approval process

We are using Zendesk as our customer service,
As part of the onboarding process, they have created a subdomain
In our example: help.our_domain.com and this domain now has a letsencrypt certificate
No DNS or other verification was done

How is it possible?
Thanks for any help

1 Like

How sure are you about that? Just an open port 80 is required for the http-01 challenge. Not necessarily using DNS. It's all meant to be automated, so it's actually a good thing you're thinking nothing happened, but in the background, it surely did :wink:

Also, did you ask Zendesk about this?

You can read more about Zendesk, (sub)domains & Let's Encrypt (among other topics) at Host mapping - Changing the URL of your help center – Zendesk help, including e.g. the paragraph " Reviewing the SSL status of a certificate".


So what you are telling us is that once we create a CNAME DNS record pointing help.<OUR_DOMAIN> to Zendesk servers, they can easily add a file like this http://<OUR_DOMAIN>/.well-known/acme-challenge/ and get a certificate for it



That's correct. The certificate system effectively considers them to be directly operating that subdomain, and therefore they're allowed to have a certificate for it.


If only the help subdomain has gotten a CNAME to Zendesk, they also should only be able to issue a certificate for that subdomain.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.