My domain is: vistastrategicadvisors.com,
We received an email saying that Cloudflare has observed issuance of the following certificate for vistastrategicadvisors.com or one of its subdomains: DNS Names: vistastrategicadvisors.com, www.vistastrategicadvisors.com
But no one from our team created it. And our existing certificate is valid until 4/6/24
How can we revoke this new malicious certificate?
The certificate is not malicious.
Your cPanel host that sits beneath your Cloudflare account (Bluehost) has automatically issued it to protect your domain:
$ openssl s_client -connect box5124.bluehost.com:2083 -servername vistastrategicadvisors.com -showcerts 2>/dev/null | openssl x509 -noout -dates -subject
notBefore=Jul 21 22:26:13 2023 GMT
notAfter=Oct 19 22:26:12 2023 GMT
subject=CN = www.vistastrategicadvisors.com
Cloudflare is not aware of the fact that your cPanel host is also issuing a certificate for your domain, so it sends an alert. However, you should not be alarmed and can safely ignore these alerts.
It makes sense to have a certificate both on the Cloudflare side and the cPanel side. It makes for a more secure, end-to-end protection.
Cloudflare may also send email alerts for certificates that they themselves requested.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.