Cloudflare recently discovered that unauthorized certificates were issued by Fina CA for its public DNS resolver service at the IP address 1.1.1.1, without Cloudflare's consent, between February 2024 and August 2025. While there is no evidence of malicious use, the incident highlights a lapse in security by Fina CA, which issued these certificates for internal testing purposes without verifying domain control. All unauthorized certificates have since been revoked. Cloudflare emphasized the importance of Certificate Transparency in identifying such issues and plans to enhance its monitoring and alerting systems to prevent similar incidents in the future. The company also highlighted the potential risks of unencrypted DNS queries and advocated for improved security measures for DNS clients using DNS over HTTPS (DoH) and DNS over TLS (DoT), which rely on certificate validation to establish server authenticity.
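The kind of Certificate Transparency check that surfaces this class of mis-issuance can be sketched as follows. This is an added example, not Cloudflare's monitoring code: the record layout, issuer names, the `.example` hostnames and the 2001:db8:: address are constructed, and matching issuers by exact string is a simplifying assumption.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class CtEntry:  # simplified view of a parsed CT log entry (assumed layout)
    serial: str
    issuer: str
    dns_sans: tuple = ()
    ip_sans: tuple = ()

def _norm_ip(value):
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None  # malformed iPAddress SAN: never matches the watch list

def _dns_covers(san, name):
    san, name = san.lower().rstrip("."), name.lower().rstrip(".")
    if san.startswith("*."):  # a wildcard covers exactly one left-most label
        return "." in name and name.split(".", 1)[1] == san[2:]
    return san == name

def find_unauthorized(entries, watched_dns, watched_ips, approved_issuers):
    """Return (serial, issuer, matched SANs) for watched names from unapproved issuers."""
    watch_ips = {ip for ip in map(_norm_ip, watched_ips) if ip is not None}
    alerts = []
    for e in entries:
        hits = [s for s in e.ip_sans if _norm_ip(s) in watch_ips]
        hits += [s for s in e.dns_sans if any(_dns_covers(s, n) for n in watched_dns)]
        # One watched SAN is enough to alert, even if the other SANs are unrelated.
        if hits and e.issuer not in approved_issuers:
            alerts.append((e.serial, e.issuer, sorted(set(hits))))
    return alerts

# Constructed sample data; only 1.1.1.1 comes from the incident described above.
APPROVED = {"Approved Production CA (constructed)"}
WATCHED_DNS = ["dns.resolver.example"]
WATCHED_IPS = ["1.1.1.1", "2001:db8::53"]
SAMPLE = [
    CtEntry("01", "Approved Production CA (constructed)", ip_sans=("1.1.1.1",)),
    CtEntry("02", "Internal Test CA (constructed)", ("test.example",), ("1.1.1.1",)),
    CtEntry("03", "Internal Test CA (constructed)", ("*.resolver.example",),
            ("2001:0db8:0:0:0:0:0:53",)),
    CtEntry("04", "Internal Test CA (constructed)", ("unrelated.example",)),
]

if __name__ == "__main__":
    for alert in find_unauthorized(SAMPLE, WATCHED_DNS, WATCHED_IPS, APPROVED):
        print(alert)
```

IP SANs are compared as parsed addresses rather than strings, so a differently written form of the same address still matches the watch list.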