what is Certificate Transparency
Based on RFC 6962, Certificate Transparency makes public all issued certificates in the form of a distributed ledger, giving website owners and auditors the ability to detect and expose inappropriately issued certificates.
Here is how it works:
So, some people may monitor these CT logs to detect your domain unexpectedly.
it’s easy, there are many opensource projects to do it, such as: this, and this .
you can issue a Wildcard Certificates, and use a random node in the same zone, then it’s hard to detect your domain if you protect it safely.