|
|
|
|
|
|
by alexpeattie
3818 days ago
|
|
|
Yes, although the subdomains still point to deviantart's servers. The difference here is that ad.example.com ends up pointing to the attacker's server. Because LetsEncrypt needs a very specific response to be served from a specific endpoint, you need this kind of total control to validate a domain and get a certificate issued. |
|
|