We are using Zendesk as our customer service,
As part of the onboarding process, they have created a subdomain
In our example: help.our_domain.com and this domain now has a letsencrypt certificate
No DNS or other verification was done
How is it possible?
Thanks for any help
How sure are you about that? Just an open port 80 is required for the http-01 challenge. Not necessarily using DNS. It's all meant to be automated, so it's actually a good thing you're thinking nothing happened, but in the background, it surely did 
Also, did you ask Zendesk about this?
You can read more about Zendesk, (sub)domains & Let's Encrypt (among other topics) at Host mapping - Changing the URL of your help center – Zendesk help, including e.g. the paragraph " Reviewing the SSL status of a certificate".
Thanks,
So what you are telling us is that once we create a CNAME DNS record pointing help.<OUR_DOMAIN> to Zendesk servers, they can easily add a file like this http://<OUR_DOMAIN>/.well-known/acme-challenge/ and get a certificate for it
Noted
That's correct. The certificate system effectively considers them to be directly operating that subdomain, and therefore they're allowed to have a certificate for it.
If only the help subdomain has gotten a CNAME to Zendesk, they also should only be able to issue a certificate for that subdomain.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.