My complaint:
GoDaddy, as a root CA, offer a service of issuing SSL certificates on any domain. Although the procedure of issuing a new certificate includes validation with the domain owner, a malicious user is capable of spamming the owners with validation emails, hoping for the owner to accidentally approve the certificate. Attempts to contact GoDaddy’s abuse team or general support have no effect, and the validation emails keep coming in.
More information provided on Security.StackExchange article: https://security.stackexchange.com/questions/258014/reporting-a-root-ca-non-compliance
Suggested solution:
Resolution depends on how exactly the users can generate the certificate requests. If they can do it anonymously, this is a security concern, and such possibility must be closed. If they have to be authenticated users, then GoDaddy must have a working channel to receive complaints from the domain owners, identify the culprits and prevent them from requesting certificates for random domains.