maybe you issued one certificate with multiple domains, mixing internet facing ones with purely internal. It is very easy to discover hidden subdomains inspecting the certificate you get from a public service
Comment on Confused about bot scanning my domain
Linguist@lemmy.world 7 months agoAhhhh thank you. Yes I use LetsEncrypt for all the homelab services which explains it then.
pp99@sh.itjust.works 7 months ago
towerful@programming.dev 7 months ago
Its one reason i use DNS challenge wildcard domains.
I know security through obscurity is not security, and that a leaked wildcard cert is more damaging… However the likelihood of a leaked cert is slim, the convenience is huge, the attack window isn’t huge (well, 90 days) and less published information about internals feels more secure.