by gandarojin 4019 days ago
I guess that’s why they will probably not use HTTP for the verification. Why would they? The client already generated a certificate and sent it to Let’s Encrypt, they can already use TLS.
3 comments

Except the cert used in that process is one uploaded by the user, and could easily be provided by an attacker. As long as the attacker can MITM the path to the domain's web server, they can provide that cert for TLS and successfully spoof the site.

Edit: Ok, technically it's a CSR signed by a private key, but you could still use the key to self-sign a cert or something... But none of that mitigates the MITM attack described above.

But you don't know that this is the client. If all you're trusting is the cert they already generated, how do you know it's not an attacker?
You’re right, I did not think this through…
You wouldn't have a signed cert until after the challenge has been completed. The client generated a CSR, not a certificate.