Emails about certificate expiry for domains I do not own

I have received a certificate expiry email for a domain I don’t own or control. At first I thought it was spam,
but a closer inspection suggests it’s genuine. Is something broken? Or is someone using my email address to register certificates?

I don’t seem to be able to find anyone who you would contact about an issue like this.

It raises a couple of questions for me, firstly about the processing of personal data about people without their consent (e.g. my email address), and secondly about the implications of having your email address associated with a domain that’s not under your control. Who knows what that domain is being used for!

The email does contain an unsubscribe link - however I am unclear what implications that has because I do have domains that use Let's Encrypt and I certainly want to get any notices about them.

Any pointers on who to contact would be appreciated.


Unfortunately, this is very much possible. There's no email verification step in the ACME process.

Are your own domains also using the same email address as the one to which the expiry email was addressed?


Please read all the following:

  1. Expiration Emails - Let's Encrypt
  2. Privacy Policy - Let's Encrypt
  3. Contact - Let's Encrypt

Do the expiring domains resolve to the same IP where your domain is being hosted?


