Let's encrypt validation without having certificate

Hello.
I recently moved out of a webhosting company(siteground) that used Let’s Encrypt certificates to a new company that does not use let’s encrypt.
I also added cloudflare to my domain and the main problem is i get these 404 not found errors:

URL: /.well-known/acme-challenge/mInegvGZbKsgRbU8-ZrKwArDL9KVJSe6ZF9rW_XEKV8

Agent info : Mozilla/5.0 (compatible; Let’s Encrypt validation server; +https://www.letsencrypt.org)

Siteground support told me they removed my certificate from their system, but i still get those errors.
How can i stop this validation process, since i am not using Lets encrypt?

Thank you:)

1 Like

Why is this a problem?

I guess it just shouldn’t happen, which might be reason enough to call it a problem :wink:

Because let’s encrypt should not validate a certificate that is no longer valid for my website, makes sense?

1 Like

It makes sense, but someone is asking it to–it isn’t just deciding on its own to do this. My money would be on your former host.

1 Like

As i said, my former webhosting(siteground) said they deleted everything about my domain and if i still get those errors i should contact Let’s Encrypt directly.
That’s why i asked here :slight_smile:

1 Like

May be your domain name still points to your old provider?

1 Like

No.
First i changed name servers to new host, after a few days i added cloudflare and at the moment my ns point to cloudflare.

1 Like

Well, someone is triggering a validation. Let’s Encrypt doesn’t try to validate hostnames on its own: it’s always triggered by some ACME client.

If your previous webhost is really the only one who ever tried to validate Let’s Encrypt certificates, they didn’t clean up properly enough. But perhaps you yourself have experimented back in the day? Perhaps somewhere there’s an ACME client still running in a cronjob?

Also, did you receive these 404 errors even before you moved to the other hosting company? Or did it only start around the time you moved?

1 Like

For the whole year i was with siteground i never saw this error till the day i switched to another company.

1 Like

Try putting a kind CAA record into your DNS, which disallows Let’s Encrypt CA to issue certificate for your domain. The boulder will stop fireing challenge URLs to your host.

1 Like

If you are using Cloudflare, they might also request Let’s Encrypt certificates on your behalf. I’m not sure what’s the conditions here, but there’s previous reports seeing cloudflare universal SSL issued by Let’s Encrypt. (Also supported by their CAA record)

Are you sure you’ve deleted everything in siteground on your end? (Like your domains in the package?)

1 Like

I took a look at my logs and found the following:

2607:a680:3:50::143 - - [13/Jun/2020:08:01:35 -0500] “POST /wp-cron.php?doing_wp_cron=1592053295.3416180610656738281250 HTTP/1.0” 301 706 “http://www.mydomain.com/wp-cron.php?doing_wp_cron=1592053295.3416180610656738281250” “WordPress/5.4.2; https://www.mydomain.com

Now i disabled cronjob from wordpress, let’s see if this one will work.
I also did a test with www.check-your-website.server-daten.de and in the certifications section i got something interesting:
|CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US
|CN=CloudFlare Inc ECC CA-2, O=“CloudFlare, Inc.”, L=San Francisco, C=US, ST=CA
|CN=“cPanel, Inc. Certification Authority”, O=“cPanel, Inc.”, L=Houston, C=US, ST=TX
|CN=Cloudflare Inc ECC CA-3, O=“Cloudflare, Inc.”, C=US

As you can see, i got ssl from cloudflare, the cpanel one which is from my current webhosting company and the let’s encrypt one, so my guess is that they just simply deleted the certificate but didn’t revoke the certificate. One will expire at the end of this month and the second one will expire in august.
When i moved out of siteground i didn’t delete my files/database/etc… just canceled the subscription as it would expire soon. This is most likely my mistake, i rushed it, i should’ve revoked certificates first, delete all my files/db/etc… and then cancel my subscription.

Hi @Ionelxyz

that’s a wrong conclusion.

  • deleting the private key -> nobody can use the certificate -> revocation isn’t required
  • deleting / revoking a certificate doesn’t change the wrong running renew job.

You have such a wrong running renew job with your domain name.

May be your old hoster, may be your current system.

That

may be the source of your checks. If your WordPress has created certificates and if you move the WordPress to a new server without cancelling that job, that produces renews again and again.

1 Like

Thank you for you clarifications.
I will see tomorrow, if i still get those errors otherwise the problem was the cronjob.

1 Like

Nothings changed, i still get those errors, i don’t know what should i try.

Putting a Let’s Encrypt blocking CAA record didn’t help, neither? That’s strange.

I didn’t try that, because i don’t want to block anything these request should not be happening, i disabled the ipv6 compatibility on cloudflare and now the errors have ipv4 adress mostly from AWS:

64.78.149.164 - - [17/Jun/2020:08:01:20 -0500] "GET /.well-known/acme-challenge/yosyRK64x1vxM_Q_ffCe2m-wQWp0BbuXwy4U87VKjZw HTTP/1.0" 404 5548 "http://www.mydomain.com/.well-known/acme-challenge/yosyRK64x1vxM_Q_ffCe2m-wQWp0BbuXwy4U87VKjZw" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [17/Jun/2020:08:01:20 -0500] "GET /.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo HTTP/1.0" 301 0 "http://mydomain.com/.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
52.28.236.88 - - [17/Jun/2020:08:01:20 -0500] "GET /.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo HTTP/1.0" 301 0 "http://mydomain.com/.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
34.222.229.130 - - [17/Jun/2020:08:01:20 -0500] "GET /.well-known/acme-challenge/yosyRK64x1vxM_Q_ffCe2m-wQWp0BbuXwy4U87VKjZw HTTP/1.0" 404 5548 "http://www.mydomain.com/.well-known/acme-challenge/yosyRK64x1vxM_Q_ffCe2m-wQWp0BbuXwy4U87VKjZw" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
52.15.254.228 - - [17/Jun/2020:08:01:20 -0500] "GET /.well-known/acme-challenge/yosyRK64x1vxM_Q_ffCe2m-wQWp0BbuXwy4U87VKjZw HTTP/1.0" 404 5548 "http://www.mydomain.com/.well-known/acme-challenge/yosyRK64x1vxM_Q_ffCe2m-wQWp0BbuXwy4U87VKjZw" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
34.222.229.130 - - [17/Jun/2020:08:01:20 -0500] "GET /.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo HTTP/1.0" 301 0 "http://mydomain.com/.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
3.14.255.131 - - [17/Jun/2020:08:01:20 -0500] "GET /.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo HTTP/1.0" 301 0 "http://mydomain.com/.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
52.28.236.88 - - [17/Jun/2020:08:01:20 -0500] "GET /.well-known/acme-challenge/yosyRK64x1vxM_Q_ffCe2m-wQWp0BbuXwy4U87VKjZw HTTP/1.0" 404 5548 "http://www.mydomain.com/.well-known/acme-challenge/yosyRK64x1vxM_Q_ffCe2m-wQWp0BbuXwy4U87VKjZw" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [17/Jun/2020:08:01:22 -0500] "GET /.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo HTTP/1.0" 404 5548 "https://mydomain.com/.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
52.28.236.88 - - [17/Jun/2020:08:01:23 -0500] "GET /.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo HTTP/1.0" 404 5548 "https://mydomain.com/.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
34.222.229.130 - - [17/Jun/2020:08:01:23 -0500] "GET /.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo HTTP/1.0" 404 5548 "https://mydomain.com/.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)
3.14.255.131 - - [17/Jun/2020:08:01:22 -0500] "GET /.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo HTTP/1.0" 404 5548 "https://mydomain.com/.well-known/acme-challenge/FyDJAWJKnoxShJKfAfb7HbGw0J0dTGfD2bgIopWXcxo" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

Edit:
I did a test with https://transparencyreport.google.com/https/certificates and it appears one week before i moved out of siteground let’s encrypt renewed the certificate

Issuer C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
Validity May 31, 2020 — Aug 29, 2020

Does this mean that there is still an active certificate on siteground pointed to my domain which the let’s encrypt validation service tries to reach?

Thank you all for you support on this matter.

No, they shouldn’t. So you need to figure out what’s causing them. I don’t think anyone here can help you with that, though my money’s still on your old host.

Or you can ignore them–someone’s trying to validate your domain, and it’s failing, so they won’t get the cert they’re requesting. This isn’t hurting you at all, unless a few kilobytes of traffic is a problem.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.