Will you issue certificates for third-level domains too?

kovbal · October 22, 2015, 2:05pm

Will you issue certificates for third-level domains (e.g. icecream.example.com) if the second-level domain is not under the requester’s control?
StartSSL for example does not, and it also doesn’t issue certificates for .tk domains.

We’re hosting a site for a research group under a university’s domain, so the subdomain is under our control, but the second-level domain is not. I think this is a legitimate scenario for separate certificate for the third-level domain, but I understand that some CAs think otherwise (hard to check who’s the real owner).

If I understand your protocol correctly, this is absolutely possible with the same security as issuing a certificate for a second-level domain, but still an explicit confirmation would be nice.

So what’s your position on this?

Answer:

Yes, Let’s Encrypt supports third-level domains too, there is no restriction as it is discussed in an other thread.

kelunik · October 22, 2015, 4:07pm

Yes, that should be possible, even for services like DynDNS with its subdomains.

kovbal · October 22, 2015, 4:18pm

Thanks, that’s really good news.

rugk · October 22, 2015, 5:27pm

Yes, like said here too:

kovbal · October 22, 2015, 5:36pm

OK, glad to hear it. To be honest, at first that question sounded a lot different, but now that I read the answers, it really is the same issue.

Topic		Replies	Views
DynDns/No-IP ("Managed DNS") support Issuance Policy	22	59763	April 30, 2016
Certs for subdomains without the domain owner's permission Issuance Policy	53	15111	October 26, 2016
Sub-domain validation Issuance Policy	7	3096	September 7, 2017
Russia & Other - Any restricitons? Issuance Policy	4	246	October 23, 2024
Do You Support Free Domains Issuance Tech	7	10592	August 18, 2015

Will you issue certificates for third-level domains too?

Related topics