@lienrag @GossiTheDog The attacker was apparently able to issue valid LE certs for the affected domain, so unless something like certificate pinning was used on the client they wouldn't notice anything wrong with the cert.