by malaya_zemlya 1003 days ago
As far as I can tell, the verification that DigiCert performs is 1. the company exists in various business listings 2. the phone number listed in whois has a human behind it and the human confirms the phone number belongs to the company.

Source: Have to be that human from time to time

1 comments

Only if you pay $$$$ for OV/EV.

If you get the normal DV cert they don't provide any more verification than Let's Encrypt.

And since browsers have moved away from indicating OV/EV certs to end users, not many organizations are paying for those anymore.

Can confirm as someone who has to renew a non-Let’s Encrypt cert every year (for reasons). The CA sends an automated email to the email address listed in WHOIS, you click a link in the email, and they issue the certificate. No human interaction necessary.

EV certs have a slightly more rigorous approach. They’ll call the registered agent for the business as registered/licensed with the state, not the phone number from whois or an email to webmaster@

Yes, I’m just talking about regular DV certificates (the same type you’d get if you just used Let’s Encrypt).