
Ask HN: Do CAs disclose domain details of all issued certificates? - emma_b
I recently used letsencrypt for the first time and thought I&#x27;d have a certificate for each of multiple subdomains, where subdomains include e.g. dev. and staging.<p>Just about to launch a new website, googled the main domain to see if it&#x27;d been indexed, and discovered, to my horror, that each subdomain is shown as a result on a certificate details website, with the subdomain as the page title.<p>The subdomains are all 403 with an IP whitelist, with some basic authentication on top, but even having these subs listed exposes more info than I&#x27;d like.<p>Has anyone else experienced this? Could this be a feature peculiar to letsencrypt?<p>Any tips on preventing this happening again without resorting to wildcard certificates or dedicated development domains, and perhaps on removing references to subdomains from search engines?<p>Thanks
======
detaro
You can choose a CA that isn't part of Certificate Transparency[0] and hope
that it doesn't become a standard, which it probably will.

[https://www.certificate-transparency.org/](https://www.certificate-
transparency.org/)

If you can't live with your domain names being exposed you'll have to get a
wildcard or pick less meaningful domain names.

~~~
emma_b
Thanks. Learned something new today.

