
Let's Encrypt Is Insecure - crapsalot
Let's Encrypt has recently been the target of a few news stories. A brief review of Let's Encrypt documentation highlights the basic problem with Let's Encrypt is a reliance on the ACME protocol's gaping security hole of equating DNS A record server IP addresses with domain ownership.

It's very clear that if a domain has a wildcard host record that Let's Encrypt will automatically enable any root user of DNS A record IP address host to generate a near unlimited number of subdomain certs.

All these subdomain certs will be viewed as valid certs by most browsers because of the IdenTrust cross cert.

Since control of a given host included in a DNS A record does not equate to domain ownership, Let's Encrypt certs should not be recognized at the same trustworthiness of DV certs issued by a standard CA.

Why should the Internet trust Let's Encrypt at the same level as DV certs?
======
0x0
If you don't trust the admins of whatever server is behind an IP address to
represent your domain, then you shouldn't add that IP address to your domain.
I don't see a problem here.

------
ChristianBach
Because just about any other CA also offers the domain validated certificates
through the same kind of validation process?

