How I exploited TLS-SNI-01 to issue Let's Encrypt certs using shared hosting

Hi, I'm the author of the article. As I wanted to point out, I'm not assuming this was something Let's Encrypt did wrong, but rather assumptions in the specification which was not equivalent to the reality. I am really happy how this all was handled by Let's Encrypt.

I've been thinking about this issue with domain validation for a long time. It is not a solved problem yet. There is no standard for it. There are clearly overlapping techniques from the 10 blessed being used in the wild (Google being one) but the adoption has been really slow.