Hi, is there a way to confirm the digital signature of a letsencrypt.org certificate? I was told that this has to be done with the CA that issued the website cert. I checked FAQs and also browsed the site for such a feature but could not locate one.
A site that I visit called www.dailyplaylist.com comes up in Bitdefender AV as possibly having an issue. "Untrusted pages exhibit suspicious behavior or particularities we deem risky" is the message that Bitdefender shows. This happens before the page fully loads, and the site usually loads the digital cert to ensure encrypted transport between client and server. So, I was wanting to know if I could verify the SHA fingerprint with the CA if possible.
The website will be serving 1-2 things: the Certificate will definitely be in the payload, but there will also be one or more "intermediates" in a "chain" leading up to the "root" on your computer.
The chain of trust goes like this:
Your browser or operating system has "root" certificates in its trust store.
The certificate served by the website is signed by an intermediate certificate.
The intermediate certificate is signed by either another intermediate or the root certificate.
With the "verify" command, you simply validate the website certificate was signed by the intermediate, and the intermediate was signed by the root. If there are multiple intermediates, you verify each level upwards, until you hit the root.
There are two IPs configured to serve that domain in DNS. Both have the same problems.
There is a certificate name mismatch - they are running the certificate for dailyplaylist.com, not www.dailyplaylist.com. That certificate is also issued by GoDaddy, not Let's Encrypt.
The site dailyplaylist.com does work, but is being served by a generic "for sale" landing page.
This site probably went out of business, or did not pay a bill and was taken offline by their host.
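The chain check from the reply above, together with the name check behind the mismatch it reports, as an added example that is not part of the original thread. It assumes the `openssl` command-line tool is installed; the three-certificate chain, the file names and the `example.test` host are constructed for the demo.

```bash
#!/usr/bin/env bash
# Constructed demo: builds a throwaway root -> intermediate -> leaf chain locally,
# then checks it the way the reply describes. Nothing here contacts a real site.
set -eu

issue() {  # issue DIR NAME CN EXTFILE [SIGNER]: writes DIR/NAME.key and DIR/NAME.pem
  local d=$1 name=$2 cn=$3 ext=$4 signer=${5:-}
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
  if [ -z "$signer" ]; then   # no signer given: self-signed root
    openssl x509 -req -in "$d/$name.csr" -signkey "$d/$name.key" \
      -extfile "$ext" -days 2 -out "$d/$name.pem" 2>/dev/null
  else
    openssl x509 -req -in "$d/$name.csr" -CA "$d/$signer.pem" -CAkey "$d/$signer.key" \
      -CAcreateserial -extfile "$ext" -days 2 -out "$d/$name.pem" 2>/dev/null
  fi
}

build_demo_chain() {  # build_demo_chain DIR: the leaf is valid for example.test only
  local d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:example.test\n' > "$d/leaf.ext"
  issue "$d" root "Demo Root" "$d/ca.ext"
  issue "$d" intermediate "Demo Intermediate" "$d/ca.ext" root
  issue "$d" leaf "example.test" "$d/leaf.ext" intermediate
}

# verify_chain ROOT INTERMEDIATE LEAF HOSTNAME
# -CAfile is the trust anchor, -untrusted supplies the served intermediate(s),
# -verify_hostname adds the name check that catches a bare-vs-www mismatch.
verify_chain() {
  openssl verify -CAfile "$1" -untrusted "$2" -verify_hostname "$4" "$3" >/dev/null 2>&1
}

fingerprint() {  # SHA-256 fingerprint of a PEM certificate, colon-separated hex
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

demo=$(mktemp -d)
build_demo_chain "$demo"
for host in example.test www.example.test; do
  if verify_chain "$demo/root.pem" "$demo/intermediate.pem" "$demo/leaf.pem" "$host"
  then echo "$host: chain and name OK"
  else echo "$host: verification FAILED"
  fi
done
echo "leaf SHA-256 fingerprint: $(fingerprint "$demo/leaf.pem")"
```

The fingerprint printed at the end is the SHA-256 of the certificate's DER encoding; it identifies one certificate, while the `verify` step is what ties that certificate to a trusted root.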
Thanks. Slight typo: one's dailyplaylist.com (without an s at the end) and the other is dailyplaylists.com, which is the LetsEncrypt CA Organization. I'll send them an email to see if they can update the dailyplaylists.com. They can get with Bitdefender support to see what they can do to resolve. Thanks
Might have found the issue: the CNAME entry for www.dailyplaylists.com points to 54.161.234.33, which is not replying. I sent an email to dailyplaylists.com support so they can check the entry and to get with Bitdefender to further resolve. Thanks for taking the time to reply, it was quick and very appreciated.