Comment Re: agreed (Score 1) 207
Okay. BGP hijacking would be valid. Compromising the server would mean that you do have effective control over the domain and you don't even need to do a man-in-the-middle as you'd have access to the unencrypted data anyway. I'm not sure what you mean by poorly secured DNS services - the challenge/response is performed by Let's Encrypt, so DNS poisoning the client wouldn't work very well. You'd have to DNS poison the Let's Encrypt servers, which would pretty much be a BGP hijack.