Customers receive let’s encrypt renewal mails from other websites hosted on our servers

We have a strange situation and that is that customers receive let’s encrypt renewal mails from other websites hosted on our servers. How is this possible? Does anyone has had anything simular?

I think you'll need to provide some more information for people here to be able to help you. Let's Encrypt sends reminder emails to the email address listed in the ACME Account. Usually, you set this when you register for an account using your ACME Client. So to help, I think we'd need to understand what exactly your setup is. Do you have multiple customers, each with their own web sites? Do you have a separate ACME Account for each customer? Are you configuring SSL/TLS for your customers, or are they setting things up themselves? The email address is supposed to be that of the "Subscriber" (see "Who is the Subscriber" in the Integration Guide), which is the entity with the private key (which makes a lot of sense, since they're the person who can do something about handling renewals or problems). So I guess the question is whether your email addresses on file with each ACME account you use is correct, and if not you probably want to make it correct. You can change the email address of an ACME account if it's wrong, but the specific command to do so depends on the client you're using.

You asked if anyone has had something similar, and there was this post a couple weeks ago where a company that was hosting sites for multiple companies had some similar confusion about who should be getting email messages and had set things up where one customer got another customer's expiration email. So I suspect that yes, there are multiple people who also have some confusion around this. I'm sure any suggestions for improving the Integration Guide, or helping ensure people read it, would be appreciated!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.