Can a powerful adversary trick ACME to generate a certificate?
As per the recent jabber.ru MITM attack:
The attacker has issued several new TLS certificates using Let’s Encrypt service which were used to hijack encrypted STARTTLS connections on port 5222 using transparent MiTM proxy.
My understanding is that (allegedly) the hosting provider (Hetzner) simply rewired the networking to perform an ACME protocol re-run with Let's Encrypt. This got them their own certificate, allowing them to perform the wiretapping.
Say a powerful adversary (such as a hostile government) wants to intercept TLS protected traffic to a site. My understanding is that they could then do so even without coercing the hosting provider. For example, they could take control of network-wise entry-points to the host and repeat the DV certificate ACME HTTP challenge with Let's Encrypt. Alternatively, producing a valid certificate may be done via the DNS challenge ACME challenge.
Given these (and other) options, what's the most likely way (e.g. least costly, or least operationally complicated) a hostile government would attempt to trick ACME into generating a certificate?
Note: certificate transparency would allow detection, which is good, but may not always happen.
