Will you issue certificates for third-level domains too?


Will you issue certificates for third-level domains (e.g. icecream.example.com) if the second-level domain is not under the requester’s control?
StartSSL for example does not, and it also doesn’t issue certificates for .tk domains.

We’re hosting a site for a research group under a university’s domain, so the subdomain is under our control, but the second-level domain is not. I think this is a legitimate scenario for separate certificate for the third-level domain, but I understand that some CAs think otherwise (hard to check who’s the real owner).

If I understand your protocol correctly, this is absolutely possible with the same security as issuing a certificate for a second-level domain, but still an explicit confirmation would be nice.

So what’s your position on this?


Yes, Let’s Encrypt supports third-level domains too, there is no restriction as it is discussed in an other thread.


Yes, that should be possible, even for services like DynDNS with its subdomains.


Thanks, that’s really good news.


Yes, like said here too:


OK, glad to hear it. To be honest, at first that question sounded a lot different, but now that I read the answers, it really is the same issue.