Hostnames of DigiCert failed domain validation

In the provided CSV's by DigiCert there are 83_267 unique serials and 166_397 crt.sh links (137 have #N/A in the precert column***). Please note that crt.sh is Precertificates heavy for DigiCert (see https://crt.sh/cert-populations?group=RootOwner).

I did a lookup of all serials and based on 84 batch requests to crt.sh between 2024-07-31T20:06:00Z and 2024-07-31T21:06:00Z this was the result:

  Pre  Leaf  Count   Percentage
  -    0        137   0.16% ***
  0    1      2_105   2.53%  
  1    0     71_732  86.15%  
  1    1      9_293  11.16%  

These are the match numbers based on the serial and sha256 fingerprint combination. Only 13.69% of the Leaf certificates are found, while 97.31% of Precertificates are found. Because of these numbers, it's not strange that the 137 certificates without Precertificates cannot be found.

All 92_423 can be found in this bzip2 compressed attachment in tab-separated values format: https://bugzilla.mozilla.org/show_bug.cgi?id=1910322#c16

These are certificates for 172_047 unique domains, of which 20_702 are wildcard and 71 IP Addresses (63 IPv4 and 8 IPv6).*