Let's Encrypt certificate expiration notice for domain "..."

Hello,

I’m getting multiple e-mails per day that tell me, that some certificate of a website is about to expire.
However, I do not own these domains and never requested a certificate for them.
One example is: http://analytics.klavier-spielen-lernen.com/ or http://kratomize-me.de/.

If you’re using Plesk, read this: https://support.plesk.com/hc/en-us/articles/213398529-Let-s-Encrypt-certificate-renewal-notices-are-sent-to-wrong-email-addresses

Otherwise I have no idea, sorry.

I don’t use plesk and I also don’t see how this is related to this issue (since the mails are sent by letsencrypt).

There was a bug that caused Plesk to subscribe the wrong user’s email address to Let’s Encrypt’s notifications. But if you don’t use Plesk that’s indeed irrelevant.

Maybe someone with a similar email address mistyped it and entered yours instead? Nothing you can really do about it, except unsubscribe (though note that will unsubscribe you from notifications about your own domains too, if any).

I don’t think that over 10 people made a typo. I think that something is broken and the mails are send to the wrong addresses.

@auchri, do you use shared hosting at https://www.webgo.de/ for any of your domains? If so, then it may be issue similiar to the Plesk one. If not - no idea what happened here…

Also, I see that both domains you pasted point to the same IP address (37.17.224.47). Could you provide additional examples or check by yourself whether they also point to that IP? This may be a hint where the problem lies.

1 Like

@mkwm I’ve used that hosting provider in the past, but I switched to my own server since more than a year now.

And yes, the other domains of the mail’s I’ve got also point to that ip.

That starts to makes some sense - receiving completely random renewal emails would be strange, but now we know these domains have someting in common.

I guess someone at webgo.de did something wrong with their Let’s Encrypt integration and their control panel now uses your email address for every Let’s Encrypt account (or they have single Let’s Encrypt account assigned to your email address). If I were you, I would probably try to contact their support (according to whois data, 37.17.224.47 falls inside webgo GmbH address space) with full list of domains you got expiration warnings for and tell them that you suspect that something is wrong with their LE integration (as all these domains point to the same IP on their shared hosting and it seems unlikely that 10 people from the same IP address made exactly the same mistake).

You can unsubscribe from expiration notices, effectively “banning” Let’s Encrypt from sending you any expiration notices in future. Obviously, if you use the same email address for your own LE account and you want to receive them for your own domains, you’ll have to change it (some providers, such as Gmail, treat username+something@example.com as the same address as username@example.com, so maybe you won’t need to use additional mailbox).

1 Like

Well, I just talked with the webgo.de-Support and they told me, that it’s an error of Letsencrypt and you haven’t fixed it yet.

Of course I don’t want to unsubscribe from all of the expiration notices in future.

It’s fairly unlikely that this is due to an issue at Let’s Encrypt’s end rather than a bug in webgo’s Let’s Encrypt integration. Let’s Encrypt probably sends millions of these emails every month, so the likelihood that there’s a bug and no one else has run into it is relatively low.

webgo, assuming they’re the ones responsible for adding your email address to these ACME accounts, should be able to update the email address for the affected ACME account(s) with an API request to the ACME server. Feel free to tell them to reach out on this forum if they need assistance with this task.

If they’re unwilling to do this, your only option to stop receiving these emails would be to unsubscribe from all expiration notices, as @mkwm has mentioned. You could use an email alias (or the gmail address+foo trick) to resubscribe the domains you actually own.

PM me your email and I’ll take a look at what’s up.

I’ve looked at our logs, and this appears to be the case. There are a fair number of certificates issued for a variety of domains, by a single ACME account using Certbot on 37.17.224.47. That account has @auchri’s email address on it, but clearly doesn’t belong to @auchri.

@auchri, would you get in touch with webgo.de to convey the above information? They are very welcome to chime in on this thread and we will help them debug the issue. Most likely all they need to do is:

certbot register --update-registration -m example@webgo.de

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.