An interesting read about how a vulnerability in Let’s Encrypt ACME TLS-SNI-01 validation led to being able to issue SSL certificates for any domain desired. Let’s Encrypt has Disabled ACME TLS-SNI-01 Validation for now.
How I exploited ACME TLS-SNI-01 issuing Let’s Encrypt SSL-certs for any domain using shared hosting
Click the link above to read the full article…