[Noobie] - Certbot - SSL - DNS

That’s irrelevant. Now normally, “I’d let that slide”, but you’re simply wrong, and you’re poisoning the well of someone trying to learn. There are plenty of times people might follow a link to micr0soft.com and think they’re in the right place because they have a little green lock, or they might go to google.com.apps.net and think they’re using google, because they have a little green lock. Plenty of people have fallen prey to impostor sites because some self-righteous boob told them the green lock means it’s the correct server.

A DV certificate indicates you have a secure connection, nothing more. Seeing that little green lock does NOT mean you’re viewing the correct domain, and it’s incredibly bad for you to tell a noobie that it does.

I did not make a false statement, I was correcting yours. Only an EV certificate verifies the controller of a domain, and there is no chance the OP would ever pay for such a thing.

That’s incorrect. A domain-validated certificate proves a link between the owner of the domain and the operator of the server, which is significant.

Then they misunderstand the green lock, which is functioning as intended: They are connected to the correct system for what they put in the address bar or the link they clicked.

I’m sorry for your misunderstanding of the subject matter, but I’m not going to get drawn into a flame war by a troll when I was here trying to help someone. I suggest you do some reading before calling people out. Have a nice day.

For those wondering what these different certificates are about:

  • Domain validated (DV) certificates prove that the server is authorized by the person who owns the domain. This is established because the private key that was used to register the certificate is present on the server. This is what you get when you do Let’s Encrypt’s HTTP or DNS validation process. They are verifying you control the domain.
  • Extended Validation (EV) certificates mean that the Certificate Authority (CA) has verified the identity of your organization, e.g. your business name and address, etc. This is used mainly for sites that sell things or take credit card payments. The idea is that the EV cert proves it’s an actual business. The extended validation has nothing to do with the server.