[Pharaoh2]

DV certs don't say anything about who the own the website. Just that the website is the URL you are trying to visit. Someone else could have registered the url and created the website, so checking the certificate chain doesn't prove anything.

EV certs on the other hand at least claim to verify who owns the website but even then I would be cautious.

[jaggederest]

Right, I was mostly looking to see if it was some dodgy cert provider - Amazon is on my mental list of questionable-but-not-obviously-scammy ones. EV certs, to me, just mean 'this cert is intended to secure company x's sites', not 'company x controls this site'. So an obvious on-page-text mismatch to the cert raises red flags, for example.