I was wondering why and how bots can know new host certificated issuance ?
I have issued 2 certificates in the last 12 hours for host names made from randomly choosen serie of letters and numbers. These hostnames can not be guessed; typically there are 50 caracters longs. I own my dns servers and nobody (except my servers) can xfer my zones.
What I couldn't explain is that immediately (less than 10 seconds) after issuing a new letsencrypt certificate, I have bots connecting to my services.
IP: 22.214.171.124 useragent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.71 Safari/537.36" "en-US,en;q=0.9" NetRange: 126.96.36.199 - 188.8.131.52 CIDR: 184.108.40.206/14 NetName: CENTURYLINK-LEGACY-QWEST-INET-35 Organization: CenturyLink Communications, LLC (CCL-534) alias: Qwest Communications Company Country: 🇺🇸 route: 220.127.116.11/16 descr: Centurylink origin: AS209 IP: 18.104.22.168 useragent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" "-" inetnum: 22.214.171.124 - 126.96.36.199 netname: APEXIS-NET descr: Apexis AG descr: Zurcherstrasse 46 descr: 8400 Winterthur country: 🇨🇭 route: 188.8.131.52/16 descr: CH-SUNRISE-970513 descr: sunrise / TDC Switzerland AG origin: AS6730
How do they know my [new] hostnames: letsencrypt must publish this information right ? Is there a flag to certbot or acme.sh to not let this information be made publicy advertised: these are privates servers on my own hardware: I actively ban all these parasitic behaviour ?