DreamHost-issued SSL certificates include CA, CRL and OCSP URLs broken by the DreamHost ruleset, which rewrites almost all dreamhost.com subdomains. Example page with such a cert: https://panel.dreamhost.com/ Example URLs affected, from that cert: http://crl.dreamhost.com/DREAMHOSTSSLDOMAINVALIDATEDCA.crl http://crt.dreamhost.com/DREAMHOSTSSLDOMAINVALIDATEDCA.crt http://ocsp.dreamhost.com (which is an OCSP server, natch) Aside from their control panel, it also affects their object storage service (https://objects.dreamhost.com/), which is more user-facing, and I suspect it could affect certs issued to users. **Trac**: **Username**: mnordhoff