Will you issue certificates for third-level domains too?

kovbal · October 22, 2015, 2:05pm

Will you issue certificates for third-level domains (e.g. icecream.example.com) if the second-level domain is not under the requester’s control?
StartSSL for example does not, and it also doesn’t issue certificates for .tk domains.

We’re hosting a site for a research group under a university’s domain, so the subdomain is under our control, but the second-level domain is not. I think this is a legitimate scenario for separate certificate for the third-level domain, but I understand that some CAs think otherwise (hard to check who’s the real owner).

If I understand your protocol correctly, this is absolutely possible with the same security as issuing a certificate for a second-level domain, but still an explicit confirmation would be nice.

So what’s your position on this?

Answer:

Yes, Let’s Encrypt supports third-level domains too, there is no restriction as it is discussed in an other thread.

kelunik · October 22, 2015, 4:07pm

Yes, that should be possible, even for services like DynDNS with its subdomains.

kovbal · October 22, 2015, 4:18pm

Thanks, that’s really good news.

rugk · October 22, 2015, 5:27pm

Yes, like said here too:

kovbal · October 22, 2015, 5:36pm

OK, glad to hear it. To be honest, at first that question sounded a lot different, but now that I read the answers, it really is the same issue.

Topic		Replies	Views
Issuance authority and DNS delegation Issuance Policy	11	3235	January 14, 2017
Possible to issue certificates for customer's subdomains? Issuance Tech	3	3326	December 6, 2015
Certs for subdomains without the domain owner's permission Issuance Policy	53	15573	October 26, 2016
Do You Support Free Domains Issuance Tech	7	10674	August 18, 2015
Limits per domain and security concern when poitning 3-rd party with subdomain Issuance Policy	4	1130	April 13, 2018

Will you issue certificates for third-level domains too?

Related topics