Digicert really is trying to explain this as nothing whereas they avoided a huge issue if someone realized you could get a wild card certificate for a domain you don’t own. The underscore in domain validation is needed so that subdomain DNS providers don’t issue a subdomain which can be used for domain validation. Without the underscore, someone could validate a domain and the register a username without the underscore at a provider which sets your subdomain as your username.
Pretty bad situation but it could be worse if that happened and Digicert became untrusted completely.
lnxtx@feddit.nl 3 months ago
DigiCert again?