Google spidering based on security certificates?
I decided to use Let's Encrypt to generate a certificate for a number of my subdomains, wrapping them all into a single SAN certificate. I included a subdomain that is used essentially only for direct client testing; it's not linked to anywhere else on the web. Soon afterwards, Google began to spider it, giving itself away with the same annoying errors I mentioned in this discussion.
Is this a known/documented practice by Google, and presumably other spiders? I get that the information is in the cert, I just didn't figure spiders went digging that deep in their quest to hoover up everything. In the future, I guess I'm going to have to generate dedicated certificates for my "secret" servers. Word to the wise.