1. Let's Encrypt

Letsencrypt を見てください。

https://letsencrypt.org/howitworks/

Without Automatic Web Server Configuration

This will simply place your new certificate in the current directory.

$ letsencrypt -d example.com auth

https://github.com/letsencrypt/letsencrypt

1.1. Mitigating DNS fragmentation attack

Oct 2018 https://community.letsencrypt.org/t/mitigating-dns-fragmentation-attack/74838

関連論文: https://dl.acm.org/doi/10.1145/3243734.3243790

Domain Validation++ For MitM-Resilient PKI

https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf

OFF-PATHATTACKSAGAINSTPUBLIC KEYINFRASTRUCTURES