In `@src/Appwrite/Platform/Tasks/SSL.php`:
- Around line 76-81: The current ownership check in the foreach loop uses
str_ends_with($domain->get(), $appwriteDomain) which yields false positives
(e.g. "evilappwrite.io"); change the condition in the loop to mark owner =
'Appwrite' only when $domain->get() equals $appwriteDomain exactly or when the
matched suffix is preceded by a dot (i.e. the char before the suffix is '.'),
keeping the rest of the foreach and the $owner assignment intact; update the
condition around $appwriteDomain and $domain->get() accordingly so subdomain
matches are valid but arbitrary suffix matches are not.
- Around line 98-103: The queued domain Document in SSL.php is missing the
domainType attribute; update the $queueForCertificates->setDomain(...) call to
include 'domainType' => $rule->getAttribute('type') alongside 'domain' (so the
new Document contains both keys), leaving the subsequent
->setSkipRenewCheck($skipCheck)->trigger() chain unchanged; locate the code
around the setDomain invocation on $queueForCertificates and add the domainType
entry sourced from $rule->getAttribute('type').

In @.env:
- Line 26: Move the _APP_DOMAIN entry so dotenv-linter ordering is correct:
locate the environment keys named _APP_DOMAIN and _APP_EDITION and reorder them
so _APP_DOMAIN appears immediately before _APP_EDITION (i.e., place the line
starting with _APP_DOMAIN above the line starting with _APP_EDITION), then run
dotenv-linter to verify the warning is resolved.

In @.env:
- Line 1: Remove the committed production flag from the shared .env by deleting
or changing the _APP_ENV=production entry and instead add guidance to use
environment-specific files or deployment secrets; create or update an ignored
.env.production for actual production values (and ensure it is gitignored) and
provide a safe example value in a committed .env.example (e.g.,
_APP_ENV=development) so developers have defaults without shipping production
settings.
- Around line 25-26: Remove deployment-specific values from the tracked .env by
replacing the hardcoded _APP_DNS and _APP_DOMAIN with non-sensitive placeholders
or local defaults: update the _APP_DOMAIN entry (currently _APP_DOMAIN) to a
generic/example domain (e.g., example.local or appwrite.test) and change
_APP_DNS (currently _APP_DNS) to a local/default DNS (e.g., 127.0.0.1) or a
clearly marked placeholder; ensure any real deployment values are moved to env
files excluded from version control or injected by deployment tooling.

In `@src/Appwrite/Platform/Tasks/SSL.php`:
- Around line 44-45: The $skipCheck normalization currently coerces boolean true
into a string and flips it; change the logic in the SSL task where $skipCheck is
normalized so that if $skipCheck is already a boolean it is left unchanged,
otherwise normalize string values case-insensitively (accepting 'true','1','yes'
as true) and set $skipCheck accordingly; update the code that assigns $skipCheck
(the variable named $skipCheck in this file) to perform an is_bool($skipCheck)
check first and only apply string-to-boolean parsing when it is not boolean.