It's one reason I use DNS challenge wildcard domains.
I know security through obscurity is not security, and that a leaked wildcard cert is more damaging… However the likelihood of a leaked cert is slim, the convenience is huge, the attack window isn’t huge (well, 90 days) and less published information about internals feels more secure.
Maybe you issued one certificate with multiple domains, mixing internet-facing ones with purely internal. It is very easy to discover hidden subdomains by inspecting the certificate you get from a public service.
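A way to check your own certificates for the mix described in the comment above, as an added example that is not part of the thread. It audits the SAN list of a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the internal suffixes and the two sample certificates are constructed assumptions.

```python
import socket
import ssl

# Assumption: names under these suffixes are meant to stay internal (hypothetical).
INTERNAL_SUFFIXES = (".internal.example.com", ".lan.example.com")

def san_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def is_internal(name, suffixes=INTERNAL_SUFFIXES):
    """True if the name (or the zone a wildcard covers) is under an internal suffix."""
    bare = name[2:] if name.startswith("*.") else name
    return any(bare == s.lstrip(".") or bare.endswith(s) for s in suffixes)

def audit_cert(cert, suffixes=INTERNAL_SUFFIXES):
    """Split SAN names into internal/public and flag certificates that mix both."""
    names = san_dns_names(cert)
    internal = sorted(n for n in names if is_internal(n, suffixes))
    public = sorted(n for n in names if not is_internal(n, suffixes))
    return {"internal": internal, "public": public,
            "mixed": bool(internal and public)}

def fetch_cert(host, port=443, timeout=5):
    """Fetch the validated certificate one of your own services presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample: one certificate covering a public and two internal hosts.
MIXED_CERT = {"subjectAltName": (("DNS", "www.example.com"),
                                 ("DNS", "git.internal.example.com"),
                                 ("DNS", "nas.lan.example.com"))}
# Constructed sample: a wildcard certificate, which names no individual host.
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.com"),
                                    ("DNS", "example.com"))}

if __name__ == "__main__":
    for label, cert in (("mixed", MIXED_CERT), ("wildcard", WILDCARD_CERT)):
        print(label, audit_cert(cert))
```

To audit a live service you operate, pass `fetch_cert("your.host")` to `audit_cert` instead of the samples.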