Certificate for domain I own issued to someone not me

My domain is: freedle.xyz

I ran this command: (none)

It produced this output: Someone got a certificate issued for my domain

My web server is (include version): (n/a)

The operating system my web server runs on is (include version): (n/a)

My hosting provider, if applicable, is: namecheap for registrar, Cloudflare for nameservers

I can login to a root shell on my machine (yes or no, or I don't know): (n/a)

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): (n/a)

I received an email from cloudflare's certificate transparency thing, advising me that a Let's Encrypt certificate was issued for a domain I control/own. I did not issue a request for this certificate and my auto-renew script does not call for an SSL certificate for this domain. How did this get issued and how can I ensure this does not happen in future? I have full 2fa set up on my entire chain.

Details from the cloudflare email:

Log date: 2023-01-02 02:48:17 UTC
Issuer: CN=E1,O=Let's Encrypt,C=US
Validity: 2023-01-02 01:48:17 UTC - 2023-04-02 01:48:16 UTC
DNS Names: *.freedle.xyz, freedle.xyz

Hi, my apologies. After digging further I found out that Cloudflare issued a backup LE certificate for use, but the email was phrased "has observed issuance" - I was not aware that CF would be holding a backup certificate as part of its own processes, nor that I would get an email (In my defense I have not received such an email previously from CloudFlare despite using their monitoring, and their hosting, for nearly a year for this domain) this was I would misinterpret as implying unexpected behaviour, rather than CloudFlare doing what was needed to keep my site running


You are using Cloudflare proxy. Cloudflare uses Let's Encrypt along with other Certificate Authorities. The certificate is for your site.


Cloudflare’s behaviour and emails are definitely a common point of confusion


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.