I received an E-Mail today saying that an older client library (identified as “Go-http-client”) has sent 115 requests to the Let’s Encrypt API and that I need to update my client.
Here is the problem - the IP address that this E-Mail says the requests came from is not an IP address that I use or have ever used. This E-Mail makes me think that an unknown person is attempting to request certificates with my E-Mail address as the identifier.
I have looked at crt.sh for the domains that I own or manage but I have not found any certificates I do not control. However, I do not know if the person using my E-Mail address is issuing certificates for my domains or other domains.
So, my questions are:
- Is there a way to locate certificates that Let’s Encrypt has issued based on the E-Mail address provided as contact information?
- Is there a way to prevent others from using my E-Mail address to request certificates? Possibly a security token, ID number, revocation list, etc… that could restrict certificates that are issued without authorization?
Thank you for any assistance you can provide.