Let’s Encrypt plugs hole that let miscreants grab HTTPS web certs for strangers’ domains

Let’s Encrypt – a SSL/TLS certificate authority run by the non-profit Internet Security Research Group (ISRG) to programmatically provide websites with free certs for their HTTPS websites – on Thursday said it is discontinuing TLS-SNI validation because it’s insecure in the context of many shared hosting providers.

You can read the full article here.