uh, at some point i apparently had a Sectigo/Comodo certificate issued for my domain name and i'm really hoping i can remember how/why?? (there's a DNS record for it, and i can see it in the CT logs)
Conversation
it seems to be a few hours after i renewed my domain name with Namecheap and Namecheap owns my DNS and Namecheap sells PositiveSSL certificates so i'm definitely looking in 's direction right now 👀
2
2
DNS registrar synthetic record for a domain / subdomain redirect. Could also be from a parked domain page which they might enable by default.
1
You can set up a CAA record to forbid CAs other than Let's Encrypt from issuing certificates for your domain.
There's also an upcoming feature for pinning your Let's Encrypt accounts to have actual secure authentication. Only supported by their staging server (dry runs) for now.
2
thanks. i probably will set up a CAA, but i should probably also move to Google Domains 🙃
Quote Tweet
support originally told me they couldn't find any details but magically could when i said i'd move my domain elsewhere 
i'd just been browsing some of Namecheap's hosting features and, even though i didn't buy it, it eagerly requested a SSL certificate 
i'd just been browsing some of Namecheap's hosting features and, even though i didn't buy it, it eagerly requested a SSL certificate Show this thread
1
I currently use Google Domains and have landing.google.com/advancedprotec enabled for my account. I just wish their provided authoritative DNS offered GeoDNS support.
They'd only issue a certificate for you if you very explicitly set up a synthetic record and explicitly enable TLS for it.
Show more replies