Expiry Bot - unassociated domain

Just received an expiry reminder for a domain I am not associated with.
Not sure if it’s a bug, security issue/hack or something else.

Domain is *.kacangkuaciper.men (there’s no registration details on whois)

Hi,

That's not normal, but from what I think: some people just don't want to provide their email (and still want to provide an email) might write a random one...

Since whois are broken due to GDPR compliance.

You could click on unsubscribe if you are sure that you will not need expiry email. (I personally suggest just ignore it..... since unsubscribe will remove you from all future email from lets encrypt)

Thank you

Yeah - I won’t be unsubscribing.

Probably should deregister the SSL though - for a random email, it’s a bit specific.

Hi @SteveCasta

are you a customer or are you a hosting company?

If you are a customer, then your hosting company may have installed Letsencrypt-certificates. And has used the wrong email to create an account.

Your hosting company should use a mailadress of the hosting company to create letsencrypt-accounts.

Our CPS and Subscriber Agreement indicate that the Subscriber is whoever holds the private key for a certificate. For hosting providers, that’s the provider, not the provider’s customer. If you’re writing software that people deploy themselves, that’s whoever is deploying the software.

The contact email provided when creating accounts (aka registrations) should go to the Subscriber.

Have you ever used some sort of shared hosting control panel to create Let’s Encrypt certificates?

Can you tell if that domain uses the same host as you did – or, more to the point, did so 2-3 months ago?

This was a problem with certain versions of Plesk’s Let’s Encrypt extension, for example:

1 Like

Our SSLs are installed on non-dedicated AWS hosts using puppet. We install ourselves and don’t use or have any shared tools/servers.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.