(no title)
Vorh
|
1 year ago
As far as I remember from when I last read that article, it was a police-requested MiTM by the hosting provider. LetsEncrypt did a standard challenge (requesting http://webroot/.well-known/something) and the MiTM responded appropriately. This isn't really a problem with LE - if you can control the http response to all outside servers, it's fair to say that you control the domain and should have the cert. Bad on the hosting provider for doing so? Maybe, but there is no way for LE to know.
No comments yet.