[bracewel]

Boulder (the CA backend) has two solutions to this problem

a. if we know of an already existing certificate for the domain that is being authorized you must prove control over both the server and the key used in the existing certificate

b. validation is done over multiple paths to confirm results, an attacker would need to be able to hijack connections from all of our validation servers in order to cause miss-issuance (servers which would move over time)

Currently (a) is mostly implemented but (b) needs quite a bit more work before it can go live.

[devit]

What happens if the user loses the key?

What happens if a certificate is requested, the domain is sold to a new owner and the new owner tries to request a certificate, but doesn't have access to the keys for the old one?

Also, how can the new owner revoke all certificates delivered to previous owners?

[AnthonyMouse]

Certificates expire. Presumably the answer to all of your questions would then be to wait for the old certificate to expire.

So if you want to mitigate the consequences at the outset, use certificates that expire quickly. Which should be easy when renewing a certificate is free and automatic.

[bracewel]

Either wait for the certificate to expire, register a new certificate for the domain with another CA which LE will see and can then be used to prove ownership, or ask the originally issuing CA to revoke the certificate which will remove the need for the challenge completely.

[devit]

I interpreted "you must prove control over both the server and the key used in the existing certificate" as meaning that if a Let's Encrypt certificate for the domain has been created in the past, you need to own its key (presumably proved by signing something with it) to get another one.

Is that wrong?

Waiting for certificates to expire could mean waiting for years, unless they have auto-renewing very short-lived certificates (but then you have the same problem for the authentication used to automatically get those certificates).

[MatthewWilkes]

LetsEncrypt does use very short-lived certificates (90 days) for this reason. However, you have to remember than when you buy a domain you already have no idea if any CA has issued valid certificates for it.