SSL Certificate Analysis for mail.host.do - Security Grade & TLS Configuration

Subject

CN=*.intodominio.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

September 29, 2025

Valid Until

December 28, 2025 46 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

DE:94:F9:2E:86:C9:19:20:87:13:BB:70:28:33:6D:B4:94:0A:32:7B:52:90:86:64:E4:EB:F5:A0:3B:84:F0:D4

Alternative Names

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports