* Domain apple-id-2.com is not currently registered
* Domain apple-id-2.com has (apparently) never been registered
* LetsEncrypt, on 2017-01-03, issued a valid certificate for apple-id-2.com
Since we can't know how validation was successfully performed, all we can do is speculate. Someone from LetsEncrypt will have to investigate and let us know. Fortunately, they should have very detailed audit logs for exactly this purpose.
reply
I know there are historical whois sites, but as far as I know, unless someone in the past checked for the domain with their service, they'd have no record of it otherwise. So maybe that would explain how it has a cert for a domain that currently does not exist and appears to have never been registered.
In terms of technical limitations, nothing stops any CA from issuing any cert they want. It's the business consequences that stop them from doing so.
If Let's Encrypt wants to keep themselves on the trusted-root-CA list of Windows, Chrome, MacOS, et al., they need to keep their noses clean.