All modern browsers require certificates to be published in the certificate transparency logs in order to be considered valid.
These are monitored, things do get noticed[0], and things like this can and have lead to CAs being distrusted.
It's not foolproof, and it's reactive rather than proactive... but in general, this is unlikely to be happening on major sites or at any significant scale.
I'd wholeheartedly recommend people taking some time and reading through the CA Compliance issues on Bugzilla. The entire CA program there, in my opinion, does a fantastic and largely thankless job of keeping this whole thing on the rails. It's one of the few things I can say I had _more_ trust in the more I looked into it.
These are monitored, things do get noticed[0], and things like this can and have lead to CAs being distrusted.
It's not foolproof, and it's reactive rather than proactive... but in general, this is unlikely to be happening on major sites or at any significant scale.
I'd wholeheartedly recommend people taking some time and reading through the CA Compliance issues on Bugzilla. The entire CA program there, in my opinion, does a fantastic and largely thankless job of keeping this whole thing on the rails. It's one of the few things I can say I had _more_ trust in the more I looked into it.
[0]: https://bugzilla.mozilla.org/show_bug.cgi?id=1934361