Bogus renewal notice?

Please fill out the fields below so we can help you better.

My domain is: nczoo.com

I ran this command: n/a

It produced this output: n/a

My web server is (include version): n/a

The operating system my web server runs on is (include version): n/a

My hosting provider, if applicable, is: siteground.com

I can login to a root shell on my machine (yes or no, or I don’t know):N

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):Y

I received an email from Let’s Encrypt Expiry Bot (expiry@letsencrypt.org) stating that a certificate on “fred.nczoo.com” is set to expire on 19 September 2017. This is confusing to say the least as I do not have a subdomain “fred” on my nczoo.com server. As well, any certificates that I am using on nczoo.com are handled directly through my host, SiteGround–I have never logged into the Let’s Encrypt site and in fact had to create an account today in order to provide this support request.

Is there some phishing going on? Again, the source and purpose of the email sent by the Expiry Bot is very uncertain to me. Any help appreciated. Thanks very much.

Mark

Probably legit notice (but most likely for a cert that is no longer in use).
See: https://crt.sh/?q=nczoo.com
Can you share the details in the notice?

1 Like

Well that was a fast reply :sunglasses:

here’s the notice in its entirety

START
Hello,

Your certificate (or certificates) for the names listed below will expire in
19 days (on 19 Sep 17 18:09 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter errors.

fred.nczoo.com

For any questions or support, please visit https://community.letsencrypt.org/.
Unfortunately, we can’t provide support by email.

For details about when we send these emails, please visit
https://letsencrypt.org/docs/expiration-emails/. In particular, note
that this reminder email is still sent if you’ve obtained a slightly
different certificate by adding or removing names. If you’ve replaced
this certificate with a newer one that covers more or fewer names than
the list above, you may be able to ignore this message.

If you want to stop receiving all email from this address, click
http://mandrillapp.com/track/unsub.php?u=30850198&id=c12a5e11af3d4832a42cf3e3d0d5262c.WWlEY0gVuNHpINZL8CWyMUnY26s%3D&r=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Dmark%40redtailhawk.us
(Warning: this is a one-click action that cannot be undone)

Regards,
The Let’s Encrypt Team

STOP

again, thanks so much for your help

mark

That is an accurate expiration for fred.nczoo.com
See: https://crt.sh/?id=158809464

Since the FQDN doesn’t resolve to any IP, I can only assume it is no longer in use.

Very good, thanks. I am new to your site (I typically handle LE certificates in SiteGround cPanel) so this was a nice bit of education. I am curious why the entry at

https://crt.sh/?id=158809464

does not show up on

https://crt.sh/?q=nczoo.com

thanks again for your time

I suppose it has to do with “display limits”…
Can you imagine what a request on “ibm.com” or “Microsoft.com” would return if all related FQDNs were displayed?

OK cool, that makes sense…thanks so much again for your help here.

Indeed, it is because it only searches for exactly the domain name nczoo.com. If you want to search for certificates issued for your subdomains, you need to use % as a wildcard: %.nczoo.com

https://crt.sh/?q=%.nczoo.com

Cheers,
sahsanu

3 Likes
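The cross-check done by hand in this thread (does a logged certificate cover the name in the notice and expire on the stated date?), as an added example that is not part of the original posts. It assumes crt.sh's `output=json` query parameter and its `id`, `issuer_name`, `name_value` and `not_after` fields; the CT rows are constructed sample data, and the function names are hypothetical.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlencode

# Constructed sample shaped like crt.sh output=json rows (ids and rows are made up).
SAMPLE_CT_JSON = json.dumps([
    {"id": 1001, "issuer_name": "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3",
     "name_value": "fred.nczoo.com", "not_after": "2017-09-19T18:09:00"},
    {"id": 1002, "issuer_name": "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3",
     "name_value": "nczoo.com\nwww.nczoo.com", "not_after": "2017-10-02T11:30:00"},
    {"id": 1003, "issuer_name": "C=XX, O=Constructed Other CA",
     "name_value": "fred.nczoo.com", "not_after": "2017-09-19T18:09:00"},
])

def crtsh_url(domain, subdomains=True):
    """Build the crt.sh query; '%' is its wildcard and must be sent as %25."""
    q = f"%.{domain}" if subdomains else domain
    return "https://crt.sh/?" + urlencode({"q": q, "output": "json"})

def parse_notice_date(text):
    """Parse the expiry bot's date format, e.g. '19 Sep 17 18:09 +0000'."""
    return datetime.strptime(text, "%d %b %y %H:%M %z")

def match_notice(ct_json, name, expiry, issuer_hint="Let's Encrypt"):
    """Return ids of logged certs that cover `name`, come from the expected
    issuer, and expire in the same minute the notice states."""
    hits = set()
    for row in json.loads(ct_json):
        names = {n.strip().lower() for n in row["name_value"].split("\n")}
        not_after = datetime.fromisoformat(row["not_after"]).replace(tzinfo=timezone.utc)
        if (name.lower() in names
                and issuer_hint in row["issuer_name"]
                and not_after.replace(second=0) == expiry):
            hits.add(row["id"])
    return sorted(hits)

if __name__ == "__main__":
    print("query:", crtsh_url("nczoo.com"))
    expiry = parse_notice_date("19 Sep 17 18:09 +0000")
    ids = match_notice(SAMPLE_CT_JSON, "fred.nczoo.com", expiry)
    # An empty list means no logged certificate backs the notice.
    print("matching CT entries:", ids or "none, treat the notice as suspect")
```

An empty result is a reason to distrust the notice; a match only shows the certificate exists, so an unexpected hostname still warrants checking who requested it.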
