I received an e-mail last month that seems legit, but since I cannot find any matches for it in Google, I have become suspicious. It was sent to the admin that LE has (I guess it’s somewhere in the cert).
Subject: HTTPS Certificate expires soon for the site www.example.com From: <firstname.lastname@example.org> Body: To the owner of www.example.com, We are a team of computer security researchers at the University of California Berkeley and the University of Washington studying HTTPS configurations on websites. We recently detected that the TLS certificate for your site will be expiring at X MST. All browsers may soon block users from accessing www.example.com with a security warning message if your certificate is not renewed. If you have already renewed your TLS certificate, you can ignore this message. Thank you for making your website safer for your users. When your certificate expires, browsers will be unable to verify that the connection to your server is secure, and will block users from accessing your site by displaying a full-screen security warning. This is done to protect users' browsing data, such as passwords, page content, and form data, from being intercepted or tampered with by a third party. Here's how to fix this problem: Contact your certificate authority to renew your TLS Certificate Contact Let's Encrypt to obtain an up-to-date TLS certificate. If you do not run your own server, contact your hosting provider to resolve this issue. Tell your hosting provider that the TLS certificate for your site is expiring soon, and needs to be renewed. For more information about these security notifications, please visit our website at: https://security-notifications.cs.berkeley.edu Was this message helpful? Please take our survey: https://goo.gl/forms/X
I was surprised that this doesn’t break some kind of TOS.