tls.automattic.com

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 03:9f:09:4e:ba:29:e5:59:ff:ad:5f:0d:a8:6a:cf:a9:43:0c was issued on by Let's Encrypt.

With 51 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=tls.automattic.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:9f:09:4e:ba:29:e5:59:ff:ad:5f:0d:a8:6a:cf:a9:43:0c
Serial Number (int): 315454125962674507401303580322060185453324
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 6c:2c:5d:5e:1b:48:20:a1:3b:58:ef:8e:65:f0:78:c5:ac:6d:24:96
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): 6d:a0:f4:c9:4a:47:23:6e:bd:46:9a:93:78:a3:2d:bc:01:45:8e:41
Fingerprint (sha256): 57:88:fc:e1:44:36:8a:95:ba:13:c4:44:5e:80:4c:fb:b3:de:87:2a:65:9d:96:98:e9:5a:d3:f0:f8:66:9a:81

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org

Check the revocation status for certificate tls.automattic.com

51

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for tls.automattic.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

recordingthelight.com
recordlivinglab.org
recordshopshots.com
recordsoftheohanzee.com
recordswithmerritt.com
recoveringcorporate.com
recoveringfed.com
recoveringhoarder.com
recoveringminnesotan.com
recoveringparalegal.com
recoveringracistdocumentary.com
recoveringstagemanager.com
recoveringtechnologist.com
recoveringtheplot.com
recoveringwizard.com
recoverwithcbt.com
recovery4real.com
recoveryacounttdb.com
recoveryalongroute66.com
recoverydc.org
recoverydiva.com
recoveryhomescollaborative.org
recoveryinthebin.org
recoverymama.com
recoverymindtn.blog
recoverynet.ca
recoveryofthemind.com
recoveryrd.com
tls.automattic.com
www.recordshopshots.com
www.recordswithmerritt.com
www.recorriendoysaboreando.com
www.recortesdeorientemedio.com
www.recoverabetterfuture.com
www.recoveringcontrolfreak.org
www.recoveringfed.com
www.recoveringgirl.com
www.recoveringmotherhood.org
www.recoveringparalegal.com
www.recoveringstagemanager.com
www.recoveringtechnologist.com
www.recoveringworkaholicblog.com
www.recovery-massage.com
www.recoverydc.org
www.recoveryfaithcommunity.org
www.recoveryhomescollaborative.org
www.recoveryinthebin.org
www.recoverymama.com
www.recoverymindtn.blog
www.recoverynet.ca
www.recoveryofthemind.com

Other certificates including the domain name automattic.com

(limited to 100 certificates)
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com
tls.automattic.com

Certificate

The complete raw certificate details for tls.automattic.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIKSTCCCTGgAwIBAgISA58JTrop5Vn/rV8NqGrPqUMMMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAzMjYwNDEwNThaFw0x
OTA2MjQwNDEwNThaMB0xGzAZBgNVBAMTEnRscy5hdXRvbWF0dGljLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5I1TDNIf5sY7E7aLZrdvwXPVXh
V0+mE86iPNnaAHUO/z0Q5SILP/qOmlL9tzwhhYyiYKoHFCNhM+wYf/TTUX2/D/U9
oZCUPoxdVoSLb7YIzm28uYkvFeFdRkV1QLk5pZ2c7F9Iqz7I2l/q5/RUW0ZETTGn
dbswe8HNG1Drd1yO/NApdxxvk3jWuUT2G+Ll/3+5Le11por1ixNytxmdkVfaOGAw
P9cIVQF/Xdol7M6c0ezMZbRscwi0Q4CjdgUIQXandGjObK8vJH58i2y28fDQ2U1x
rF/ZT23OHUkfsD6v99aMFMUCOCGH7EocfMKTMpCdFGw+2VRbeR6uXUwuRHMCAwEA
AaOCB1QwggdQMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUbCxdXhtIIKE7WO+OZfB4
xaxtJJYwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUH
AQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5
cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5
cHQub3JnLzCCBQYGA1UdEQSCBP0wggT5ghVyZWNvcmRpbmd0aGVsaWdodC5jb22C
E3JlY29yZGxpdmluZ2xhYi5vcmeCE3JlY29yZHNob3BzaG90cy5jb22CF3JlY29y
ZHNvZnRoZW9oYW56ZWUuY29tghZyZWNvcmRzd2l0aG1lcnJpdHQuY29tghdyZWNv
dmVyaW5nY29ycG9yYXRlLmNvbYIRcmVjb3ZlcmluZ2ZlZC5jb22CFXJlY292ZXJp
bmdob2FyZGVyLmNvbYIYcmVjb3ZlcmluZ21pbm5lc290YW4uY29tghdyZWNvdmVy
aW5ncGFyYWxlZ2FsLmNvbYIfcmVjb3ZlcmluZ3JhY2lzdGRvY3VtZW50YXJ5LmNv
bYIacmVjb3ZlcmluZ3N0YWdlbWFuYWdlci5jb22CGnJlY292ZXJpbmd0ZWNobm9s
b2dpc3QuY29tghVyZWNvdmVyaW5ndGhlcGxvdC5jb22CFHJlY292ZXJpbmd3aXph
cmQuY29tghJyZWNvdmVyd2l0aGNidC5jb22CEXJlY292ZXJ5NHJlYWwuY29tghVy
ZWNvdmVyeWFjb3VudHRkYi5jb22CGHJlY292ZXJ5YWxvbmdyb3V0ZTY2LmNvbYIO
cmVjb3ZlcnlkYy5vcmeCEHJlY292ZXJ5ZGl2YS5jb22CHnJlY292ZXJ5aG9tZXNj
b2xsYWJvcmF0aXZlLm9yZ4IUcmVjb3ZlcnlpbnRoZWJpbi5vcmeCEHJlY292ZXJ5
bWFtYS5jb22CE3JlY292ZXJ5bWluZHRuLmJsb2eCDnJlY292ZXJ5bmV0LmNhghVy
ZWNvdmVyeW9mdGhlbWluZC5jb22CDnJlY292ZXJ5cmQuY29tghJ0bHMuYXV0b21h
dHRpYy5jb22CF3d3dy5yZWNvcmRzaG9wc2hvdHMuY29tghp3d3cucmVjb3Jkc3dp
dGhtZXJyaXR0LmNvbYIed3d3LnJlY29ycmllbmRveXNhYm9yZWFuZG8uY29tgh53
d3cucmVjb3J0ZXNkZW9yaWVudGVtZWRpby5jb22CHHd3dy5yZWNvdmVyYWJldHRl
cmZ1dHVyZS5jb22CHnd3dy5yZWNvdmVyaW5nY29udHJvbGZyZWFrLm9yZ4IVd3d3
LnJlY292ZXJpbmdmZWQuY29tghZ3d3cucmVjb3ZlcmluZ2dpcmwuY29tghx3d3cu
cmVjb3ZlcmluZ21vdGhlcmhvb2Qub3Jnght3d3cucmVjb3ZlcmluZ3BhcmFsZWdh
bC5jb22CHnd3dy5yZWNvdmVyaW5nc3RhZ2VtYW5hZ2VyLmNvbYIed3d3LnJlY292
ZXJpbmd0ZWNobm9sb2dpc3QuY29tgiB3d3cucmVjb3ZlcmluZ3dvcmthaG9saWNi
bG9nLmNvbYIYd3d3LnJlY292ZXJ5LW1hc3NhZ2UuY29tghJ3d3cucmVjb3Zlcnlk
Yy5vcmeCHnd3dy5yZWNvdmVyeWZhaXRoY29tbXVuaXR5Lm9yZ4Iid3d3LnJlY292
ZXJ5aG9tZXNjb2xsYWJvcmF0aXZlLm9yZ4IYd3d3LnJlY292ZXJ5aW50aGViaW4u
b3JnghR3d3cucmVjb3ZlcnltYW1hLmNvbYIXd3d3LnJlY292ZXJ5bWluZHRuLmJs
b2eCEnd3dy5yZWNvdmVyeW5ldC5jYYIZd3d3LnJlY292ZXJ5b2Z0aGVtaW5kLmNv
bTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUF
BwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQYGCisGAQQB1nkCBAIE
gfcEgfQA8gB3AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABabho
ofMAAAQDAEgwRgIhAMK0EtJupvN6sD9pk4/Mr/rigN4qd0i07riwpZV+5b7IAiEA
zdDTSmQ8ARCrKWzFavscs4wknm6yrjC37NJMWmmNKb8AdwApPFGWVMg5ZbqqUPxY
B9S3b79Yeily3KTDDPTlRUf0eAAAAWm4aKLwAAAEAwBIMEYCIQDsxIQEtOeQ3sZZ
nhTkRwHx5aumbCQ/Zz58KfrEr6Oi3QIhALW4mxQ9CEYnoPLVEKMrFLfY9UFTntKv
n0RADH8VIUaBMA0GCSqGSIb3DQEBCwUAA4IBAQBxrEPjNrnHBYhzRxsyzNQfO6Ro
0D8cRygoD8d1eYPf2JihnktSBUmRL2W/mKiPMOYZ8Ih6IGMGC6iBoNiXv4B2tTyv
RO++zC1TywFPq5nfHoeyC+M4JnnoWAmO5bnW+L96A8rUOPkBevcCFcyW1TAaus/c
oePZlBM1TDjV/TyGYYFoqpNIyR2gD8MI5/CEaWOVMarSQXTCi/7g0UFTvjzg2yvS
/YofO7F+3tJyzUNHbRuJVar4zhU7hDEknxJ3Tyy3WUu5aSP8PoNw4m4/MrS5Hbg7
dUYVPXMLIV3Vw6ytJrdxCm6+gqRYyEiKyDpw1cIWx5dNbnnOzSyqJBnJ+W7B
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkjVMM0h/mxjsTtotmt2
/Bc9VeFXT6YTzqI82doAdQ7/PRDlIgs/+o6aUv23PCGFjKJgqgcUI2Ez7Bh/9NNR
fb8P9T2hkJQ+jF1WhItvtgjObby5iS8V4V1GRXVAuTmlnZzsX0irPsjaX+rn9FRb
RkRNMad1uzB7wc0bUOt3XI780Cl3HG+TeNa5RPYb4uX/f7kt7XWmivWLE3K3GZ2R
V9o4YDA/1whVAX9d2iXszpzR7MxltGxzCLRDgKN2BQhBdqd0aM5sry8kfnyLbLbx
8NDZTXGsX9lPbc4dSR+wPq/31owUxQI4IYfsShx8wpMykJ0UbD7ZVFt5Hq5dTC5E
cwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 315454125962674507401303580322060185453324
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-03-26 04:10:58 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-24 04:10:58 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'tls.automattic.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26041006003380849606449914978263619014583422133359535544134271953769271122461514374399438859097119224506337494392775997061201751946953172949749646907339693768198714488747860168455521345881633292878600491888398730303733629968512245854722206435074925803466495595176456975119015794496866597601234501409275546251768197074289178463831354742999853524216694491569400749545829248186509559003780825463691303729818824985164825474957038330932489873791995821389191664625410056900777382169008961319701841278607101723876549679281607942821383332273284736994710657089690950884283150520164268433534640344398526314210625901063289324659
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							6c2c5d5e1b4820a13b58ef8e65f078c5ac6d2496
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1277 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recordingthelight.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recordlivinglab.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recordshopshots.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recordsoftheohanzee.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recordswithmerritt.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveringcorporate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveringfed.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveringhoarder.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveringminnesotan.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveringparalegal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveringracistdocumentary.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveringstagemanager.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveringtechnologist.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveringtheplot.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveringwizard.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoverwithcbt.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recovery4real.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveryacounttdb.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveryalongroute66.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoverydc.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoverydiva.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveryhomescollaborative.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveryinthebin.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoverymama.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoverymindtn.blog'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoverynet.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveryofthemind.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveryrd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tls.automattic.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recordshopshots.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recordswithmerritt.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recorriendoysaboreando.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recortesdeorientemedio.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoverabetterfuture.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoveringcontrolfreak.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoveringfed.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoveringgirl.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoveringmotherhood.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoveringparalegal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoveringstagemanager.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoveringtechnologist.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoveringworkaholicblog.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recovery-massage.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoverydc.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoveryfaithcommunity.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoveryhomescollaborative.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoveryinthebin.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoverymama.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoverymindtn.blog'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoverynet.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.recoveryofthemind.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
							00f20077006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d91300000169b868a1f30000040300483046022100c2b412d26ea6f37ab03f69938fccaffae280de2a7748b4eeb8b0a5957ee5bec8022100cdd0d34a643c0110ab296cc56afb1cb38c249e6eb2ae30b7ecd24c5a698d29bf007700293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f47800000169b868a2f00000040300483046022100ecc48404b4e790dec6599e14e44701f1e5aba66c243f673e7c29fac4afa3a2dd022100b5b89b143d084627a0f2d510a32b14b7d8f541539ed2af9f44400c7f15214681
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0071ac43e336b9c7058873471b32ccd41f3ba468d03f1c4728280fc7757983dfd898a19e4b520549912f65bf98a88f30e619f0887a2063060ba881a0d897bf8076b53caf44efbecc2d53cb014fab99df1e87b20be3382679e858098ee5b9d6f8bf7a03cad438f9017af70215cc96d5301abacfdca1e3d99413354c38d5fd3c86618168aa9348c91da00fc308e7f08469639531aad24174c28bfee0d14153be3ce0db2bd2fd8a1f3bb17eded272cd43476d1b8955aaf8ce153b8431249f12774f2cb7594bb96923fc3e8370e26e3f32b4b91db83b7546153d730b215dd5c3acad26b7710a6ebe82a458c8488ac83a70d5c216c7974d6e79cecd2caa2419c9f96ec1