Emails about certificate expiry for domains I do not own

nickmilleruk · February 18, 2023, 8:49pm

I have reveieved a certificate expiry email for a domain I don’t own or control. At first I thought it was spam,
but a closer inspection suggests it’s genuine. Is something broken? Or is someone using my email address to register certificates?

I don’t seem to be able to find anyone who you would contact about an issue like this.

It raises a couple of questions for me, firstly about the processing of personal data about people without their consent (e.g. my email address), and secondly about the implications of having your email address associated with a domain that’s not under your control. Who knows what that domain is being used for!

The email does contain an unsubscribe link - however I am unclear what implications that has because I do have domains that use letsencrypt and I certainly want to get any notices about them.

Any pointers on who to contact would be appreciated.

Thanks
Nick

Osiris · February 18, 2023, 9:05pm

Unfortunately, this is very much possible. There's no email verification step in the ACME process.

Are your own domains also using the same email address as to which the expiry email was addressed to?

Bruce5051 · February 18, 2023, 9:07pm

Please read all the following:

rg305 · February 19, 2023, 1:39am

Do the expiring domains resolve to the same IP where your domain is being hosted?

system · March 21, 2023, 1:40am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.