Getting notification about exiering cetificates even though we never registered them with you in the first place


#1

My client get this e-mail from you even though the domains are not registered with you but with another SSL provider. My firs though was that it was just a spam message but found it a bit strange that a company like you would send a spam message so I wanted to ask you.

Hello,

Your certificate (or certificates) for the names listed below will expire in
1 days (on 02 Apr 18 14:08 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter errors.

My domain is:
cleverstore.no
se.cleverstore.no
www.cleverstore.no


#2

Let’s Encrypt will only send that email if an ACME account was registered with an email address. This is an intentional action by a client. Let’s Encrypt has no way to pick email addresses out of thin air.

Are those your domains?

Here is the evidence that certificates were issued under Let’s Encrypt for those domains, by the way: https://crt.sh/?q=cleverstore.no


#3

On 2 January, someone created certificates using Let’s Encrypt for those domains using your email address. On 4 January, new certificates were created using a different CA:
https://crt.sh/?q=%cleverstore.no


#4

Strange since we or out SSL provider, ByPass knows nothing about why the domains have been registrated with you but we did a new registration with them in January 2018 and it seems like this has also ended up in your sustem but we have in the deal with them that the domians you say run out now is actually running till January 2020. I will resend your feedback to ByPass.


#5

My SSL provider says that we should ask you to revoke what you have on those domains since we alsready have this through them dor the next 2 years. What do we need to do to get that done?


#6

Since those certificates expired yesterday, there’s nothing to revoke.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.