|
|
|
|
|
|
by lasdfas
3037 days ago
|
|
|
Let's Encrypt just like every other certificate authority validates that you own the domain before giving you a cert. They do that by sending a request to the domain from their servers (via looking up the nameservers via domain registries) and validating the response matches a unique message generated. You could impersonate google.com on wifi, but you couldn't get a valid cert for google.com because you don't own the nameservers or any of the servers that google.com points to. |
|
|