Will you issue certificates for third-level domains too?

Will you issue certificates for third-level domains (e.g. icecream.example.com) if the second-level domain is not under the requester’s control?
StartSSL for example does not, and it also doesn’t issue certificates for .tk domains.

We’re hosting a site for a research group under a university’s domain, so the subdomain is under our control, but the second-level domain is not. I think this is a legitimate scenario for separate certificate for the third-level domain, but I understand that some CAs think otherwise (hard to check who’s the real owner).

If I understand your protocol correctly, this is absolutely possible with the same security as issuing a certificate for a second-level domain, but still an explicit confirmation would be nice.

So what’s your position on this?


Yes, Let’s Encrypt supports third-level domains too, there is no restriction as it is discussed in an other thread.

1 Like

Yes, that should be possible, even for services like DynDNS with its subdomains.

Thanks, that’s really good news.

Yes, like said here too:

1 Like

OK, glad to hear it. To be honest, at first that question sounded a lot different, but now that I read the answers, it really is the same issue.