Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1

Cloudflare discovered unauthorized TLS certificates for its 1.1.1.1 public DNS resolver, issued by Fina CA between February 2024 and August 2025. While the certificates were intended for internal testing, Fina CA failed to verify Cloudflare’s control over the IP address. Although the certificates were revoked and no malicious use was detected, this incident highlights the importance of certificate transparency and proper control checks by CAs.